my_bool mysql_ssl_set(MYSQL *mysql, const char *key,
const char *cert, const char *ca, const char *capath, const char
mysql_ssl_set() is used for
establishing encrypted connections using SSL. The
mysql argument must be a valid connection
handler. Any unused SSL arguments may be given as
mysql_ssl_set() specifies SSL
information such as certificate and key files for establishing
an encrypted connection if such connections are available, but
does not enforce any requirement that the connection obtained
be encrypted. To require an encrypted connection, use the
technique described in
Section 23.8.15, “C API Encrypted Connection Support”.
For additional security relative to that provided by the default encryption, clients can supply a CA certificate matching the one used by the server and enable host name identity verification. In this way, the server and client place their trust in the same CA certificate and the client verifies that the host to which it connected is the one intended. For details, see Section 23.8.15, “C API Encrypted Connection Support”.
mysql_options(mysql, MYSQL_OPT_SSL_KEY, key); mysql_options(mysql, MYSQL_OPT_SSL_CERT, cert); mysql_options(mysql, MYSQL_OPT_SSL_CA, ca); mysql_options(mysql, MYSQL_OPT_SSL_CAPATH, capath); mysql_options(mysql, MYSQL_OPT_SSL_CIPHER, cipher);
Because of that equivalence, applications can, instead of
omitting calls for those options for which the option value is
encrypted-connection options not available using
mysql_ssl_set(), such as
MYSQL_OPT_SSL_MODE to specify the security
state of the connection.
mysql: The connection handler returned from
key: The path name of the client private key file.
cert: The path name of the client public key certificate file.
ca: The path name of the Certificate Authority (CA) certificate file. This option, if used, must specify the same certificate used by the server.
capath: The path name of the directory that contains trusted SSL CA certificate files.
cipher: The list of permitted ciphers for SSL encryption.
This function always returns
0. If SSL
setup is incorrect, a subsequent
returns an error when you attempt to connect.