Documentation Home
MySQL 5.6 C API Developer Guide
Download this Manual
PDF (US Ltr) - 1.0Mb
PDF (A4) - 1.0Mb
HTML Download (TGZ) - 130.0Kb
HTML Download (Zip) - 152.9Kb

7.68 mysql_ssl_set()

my_bool mysql_ssl_set(MYSQL *mysql, const char *key, const char *cert, const char *ca, const char *capath, const char *cipher)


mysql_ssl_set() is used for establishing encrypted connections using SSL. The mysql argument must be a valid connection handler. Any unused SSL arguments may be given as NULL.

If used, mysql_ssl_set() must be called before mysql_real_connect(). mysql_ssl_set() does nothing unless SSL support is enabled in the client library.

mysql_ssl_set() specifies SSL information such as certificate and key files for establishing an encrypted connection if such connections are available, but does not enforce any requirement that the connection obtained be encrypted. To require an encrypted connection, use the technique described in Chapter 15, C API Support for Encrypted Connections.

For additional security relative to that provided by the default encryption, clients can supply a CA certificate matching the one used by the server and enable host name identity verification. In this way, the server and client place their trust in the same CA certificate and the client verifies that the host to which it connected is the one intended. For details, see Chapter 15, C API Support for Encrypted Connections.

mysql_ssl_set() is a convenience function that is essentially equivalent to this set of mysql_options() calls:

mysql_options(mysql, MYSQL_OPT_SSL_KEY,    key);
mysql_options(mysql, MYSQL_OPT_SSL_CERT,   cert);
mysql_options(mysql, MYSQL_OPT_SSL_CA,     ca);
mysql_options(mysql, MYSQL_OPT_SSL_CAPATH, capath);
mysql_options(mysql, MYSQL_OPT_SSL_CIPHER, cipher);

Because of that equivalence, applications can, instead of calling mysql_ssl_set(), call mysql_options() directly, omitting calls for those options for which the option value is NULL. Moreover, mysql_options() offers encrypted-connection options not available using mysql_ssl_set(), such as MYSQL_OPT_SSL_MODE to specify the security state of the connection.


  • mysql: The connection handler returned from mysql_init().

  • key: The path name of the client private key file.

  • cert: The path name of the client public key certificate file.

  • ca: The path name of the Certificate Authority (CA) certificate file. This option, if used, must specify the same certificate used by the server.

  • capath: The path name of the directory that contains trusted SSL CA certificate files.

  • cipher: The list of permissible ciphers for SSL encryption.

Return Values

This function always returns 0. If SSL setup is incorrect, a subsequent mysql_real_connect() call returns an error when you attempt to connect.