Documentation Home
MySQL 5.7 Reference Manual
Related Documentation Download this Manual
PDF (US Ltr) - 38.0Mb
PDF (A4) - 38.1Mb
PDF (RPM) - 37.4Mb
HTML Download (TGZ) - 10.2Mb
HTML Download (Zip) - 10.2Mb
HTML Download (RPM) - 8.9Mb
Man Pages (TGZ) - 216.6Kb
Man Pages (Zip) - 329.5Kb
Info (Gzip) - 3.5Mb
Info (Zip) - 3.5Mb
Excerpts from this Manual

MySQL 5.7 Reference Manual  /  ...  /  C API Encrypted Connection Support

27.8.15 C API Encrypted Connection Support

This section describes how C applications use the C API capabilities for encrypted connections. By default, MySQL programs attempt to connect using encryption if the server supports encrypted connections, falling back to an unencrypted connection if an encrypted connection cannot be established (see Section 6.4.1, “Configuring MySQL to Use Encrypted Connections”). For applications that require control beyond the default behavior over how encrypted connections are established, the C API provides these capabilities:

C API Options for Encrypted Connections

mysql_options() provides the following options for control over use of encrypted connections. For option details, see Section 27.8.7.50, “mysql_options()”.

  • MYSQL_OPT_SSL_CA: The path name of the certificate authority file

  • MYSQL_OPT_SSL_CAPATH: The path name of the certificate authority directory

  • MYSQL_OPT_SSL_CERT The path name of the certificate file

  • MYSQL_OPT_SSL_CIPHER: A list of permissible ciphers to use for SSL encryption.

  • MYSQL_OPT_SSL_CRL: The path name of the certificate revocation lists file

  • MYSQL_OPT_SSL_CRLPATH: The path name of the certificate revocation lists directory

  • MYSQL_OPT_SSL_KEY: The path name of the key file

  • MYSQL_OPT_SSL_MODE: The connection security state

  • MYSQL_OPT_SSL_VERIFY_SERVER_CERT: Whether to verify server Common Name value

  • MYSQL_OPT_TLS_VERSION: The encryption protocols permitted by the client

mysql_ssl_set() can be used as a convenience routine that is equivalent to a set of mysql_options() calls that specify certificate and key files, encryption ciphers, and so forth. See Section 27.8.7.73, “mysql_ssl_set()”.

Enforcing an Encrypted Connection

mysql_options() options for information such as SSL certificate and key files are used to establish an encrypted connection if such connections are available, but do not enforce any requirement that the connection obtained be encrypted. To require an encrypted connection, use the following technique:

  1. Call mysql_options() to supply the appropriate SSL values (certificate and key files, encryption ciphers, and so forth).

  2. Call mysql_options() to pass the MYSQL_OPT_SSL_MODE option with a value of SSL_MODE_REQUIRED or one of the more-restrictive option values.

  3. Call mysql_real_connect() to connect to the server. The call fails if an encrypted connection cannot be obtained; exit with an error.


User Comments
Sign Up Login You must be logged in to post a comment.