Connecting to a remote MySQL server from a Delphi program through SSL

StackOverflow https://stackoverflow.com/questions/4295740

Question

I don't have a good knowledge of SSL principles, but just want the encryption to work for me. I have a DB and a user with "REQUIRE X509" specified. The necessary certificates have been created as described in MySQL docs, and work well - i can connect to the server from Windows command line.

The problem arises, when i try to do the same from my program using MySQL Client API (without SSL, the program also works fine). The unit used is: http://www.audio-data.de/mysql.html.

These are my action paths: 1) if i just add mysql_ssl_set() call (with proper params) before mysql_real_connect(), the last one gives generic SSL Connection Error. 2) the MySQL docs in en/mysql-ssl-set.html say, that the function always returns 0. But when i checked that, it appeared that the result is the number 11150848. Then i wrote it like that:

showmessage(inttostr(mysql_ssl_set(mys, '.\certs\client-key.pem', '.\certs\client-cert.pem', '.\certs\ca-cert.pem', nil)));

...and repeated the line 8 times. Each time it returned a slightly greater number - 11158528, 11158784, 11159040, ... and two zeroes for the last two calls.

After which mysql_real_connect() was finally successful! The program even managed to execute some queries, return proper results for them (i know the data), but then it crashed with an Access Violation: write of address ... at some place. The crash point varied between runs and slight changes to code.

It looks much like a version incompatibility issue. I tried libraries from both MySQL 5.0 and 5.1 Windows installations (the server is 5.1 and runs under Linux remotely; however, 5.0 mysql-client programs do not have troubles when SSL-connecting to it), but with no success.

Is anybody familiar with the issue? Thanks a lot for the help & sorry for the mistakes in the question.

Was it helpful?

Solution

As I see the mysql_ssl_set declaration is incorrect. It is declared:

function mysql_ssl_set(_mysql: PMYSQL; key, cert, ca, capath: PAnsiChar): longint; stdcall;

But the mysql.h contains:

my_bool     STDCALL mysql_ssl_set(MYSQL *mysql, const char *key,
                      const char *cert, const char *ca,
                      const char *capath, const char *cipher);

That explains the garbage in return value, AV's and so on.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top