How to set cert for QSqlDatabase connection with SSL?



  • Hello,

    I am trying to connect to MySQL db over SSL, but I get an error: "SSL connection error QMYSQL: Unable to connect"
    I followed procedure from "here":http://dev.mysql.com/doc/refman/5.5/en/secure-create-certs.html (example 1) and set up my.cnf, server-side appearrs to work ok:
    @mysql> show variables like '%ssl%';
    +---------------+-----------------------------+
    | Variable_name | Value |
    +---------------+-----------------------------+
    | have_openssl | YES |
    | have_ssl | YES |
    | ssl_ca | /root/certs/ca-cert.pem |
    | ssl_capath | |
    | ssl_cert | /root/certs/server-cert.pem |
    | ssl_cipher | |
    | ssl_key | /root/certs/server-key.pem |
    +---------------+-----------------------------+@

    I have "QT += core gui sql ssl network" in .pro and connect with following code:
    @ QSqlDatabase db = QSqlDatabase::addDatabase("QMYSQL","asterisk");
    db.setHostName(iHostLineEdit->text());
    db.setDatabaseName("asterisk");
    db.setConnectOptions("CLIENT_SSL=1;CLIENT_IGNORE_SPACE=1");
    db.setUserName(iUserLineEdit->text());
    db.setPassword(iPassLineEdit->text());
    bool ok = db.open();@
    My guess (based on "this":http://dev.mysql.com/doc/refman/5.5/en/secure-using-ssl.html ) is that I have to set CA-cert.pem as certification authority cert. But how do I do that without any QSslSocket instance?

    EDIT
    in case: I work on windows with mingw; mysql connection without ssl works.



  • According to the MySQL docs, the mysql_ssl_set() function needs to be called before opening the connection.

    I suggest that you create a feature request at bugreports.qt.nokia.com stating your problem and requesting additional connection options for setting SSL certificates.

    As a workaround, you have to call mysql_ssl_set() manually before calling QSqlDatabase::open(). QSqlDriver::handle() returns a QVariant containing the MYSQL* connection pointer. Pseudo code:

    @mysql_ssl_set(qvariant_cast<MYSQL *>(mySqlDatabase->driver->handle()), "...", ... @



  • farryF, thank you for your answer, I'll try that API. If I succeed I'll post reqest - for now I'm not sure I set up certs correctly. I can connect to mysqld over ssl from commandline only when specyfying all: ca-cert, client-cert and client-key.



  • You can try this "simple solution":http://qt-project.org/forums/viewthread/24984/.
    Bye


Log in to reply
 

Looks like your connection to Qt Forum was lost, please wait while we try to reconnect.