This section describes how C applications use the C API capabilities for encrypted connections. By default, MySQL programs attempt to connect using encryption if the server supports encrypted connections, falling back to an unencrypted connection if an encrypted connection cannot be established (see Section 6.4.1, “Configuring MySQL to Use Encrypted Connections”). For applications that require control beyond the default behavior over how encrypted connections are established, the C API provides these capabilities:
mysql_options()function enables applications to set the appropriate SSL/TLS options before calling
mysql_real_connect(). For example, to require the use of an encrypted connection, see Enforcing an Encrypted Connection.
mysql_get_ssl_cipher()function enables applications to determine, after a connection has been established, whether the connection uses encryption. A
NULLreturn value indicates that encryption is not being used. A non-
NULLreturn value indicates an encrypted connection and names the encryption cipher. See Section 220.127.116.11, “mysql_get_ssl_cipher()”.
MYSQL_OPT_SSL_CA: The path name of the certificate authority file
MYSQL_OPT_SSL_CAPATH: The path name of the certificate authority directory
MYSQL_OPT_SSL_CERTThe path name of the certificate file
MYSQL_OPT_SSL_CIPHER: A list of permissible ciphers to use for SSL encryption.
MYSQL_OPT_SSL_CRL: The path name of the certificate revocation lists file
MYSQL_OPT_SSL_CRLPATH: The path name of the certificate revocation lists directory
MYSQL_OPT_SSL_KEY: The path name of the key file
MYSQL_OPT_SSL_MODE: The connection security state
MYSQL_OPT_SSL_VERIFY_SERVER_CERT: Whether to verify server Common Name value
MYSQL_OPT_TLS_VERSION: The encryption protocols permitted by the client
mysql_ssl_set() can be used as a
convenience routine that is equivalent to a set of
mysql_options() calls that
specify certificate and key files, encryption ciphers, and so
forth. See Section 18.104.22.168, “mysql_ssl_set()”.
mysql_options() options for
information such as SSL certificate and key files are used to
establish an encrypted connection if such connections are
available, but do not enforce any requirement that the
connection obtained be encrypted. To require an encrypted
connection, use the following technique:
mysql_options()to supply the appropriate SSL values (certificate and key files, encryption ciphers, and so forth).
mysql_options()to pass the
MYSQL_OPT_SSL_MODEoption with a value of
SSL_MODE_REQUIREDor one of the more-restrictive option values.
mysql_real_connect()to connect to the server. The call fails if an encrypted connection cannot be obtained; exit with an error.