Documentation Home
MySQL 5.7 Reference Manual
Related Documentation Download this Manual
PDF (US Ltr) - 37.9Mb
PDF (A4) - 37.9Mb
PDF (RPM) - 37.3Mb
HTML Download (TGZ) - 10.3Mb
HTML Download (Zip) - 10.3Mb
HTML Download (RPM) - 8.9Mb
Man Pages (TGZ) - 216.7Kb
Man Pages (Zip) - 329.5Kb
Info (Gzip) - 3.4Mb
Info (Zip) - 3.4Mb
Excerpts from this Manual mysql_ssl_set()

my_bool mysql_ssl_set(MYSQL *mysql, const char *key, const char *cert, const char *ca, const char *capath, const char *cipher)


mysql_ssl_set() is used for establishing secure connections using SSL. If used, it must be called before mysql_real_connect().

It is not necessary to call mysql_ssl_set() to obtain a secure connection because MySQL programs attempt to connect securely by default if the server supports secure connections (see Section 6.4.1, “Configuring MySQL to Use Secure Connections”).

mysql_ssl_set() is a convenience function that may be used instead of this equivalent set of mysql_options() calls:

mysql_options(mysql, MYSQL_OPT_SSL_KEY,    key);
mysql_options(mysql, MYSQL_OPT_SSL_CERT,   cert);
mysql_options(mysql, MYSQL_OPT_SSL_CA,     ca);
mysql_options(mysql, MYSQL_OPT_SSL_CAPATH, capath);
mysql_options(mysql, MYSQL_OPT_SSL_CIPHER, cipher);

Applications can call mysql_options() directly, and can omit those calls for which the option value is NULL. In addition, mysql_options() supports secure-connection options that mysql_ssl_set() does not, such as MYSQL_OPT_SSL_MODE to specify the security state of the connection.

mysql_ssl_set() does nothing unless SSL support is enabled in the client library.


  • mysql: The connection handler returned from mysql_init().

  • key: The path name to the key file

  • cert: The path name to the certificate file

  • ca: The path name to the certificate authority file

  • capath: The path name to a directory that contains trusted SSL CA certificates in PEM format

  • cipher: A list of permissible ciphers to use for SSL encryption

The mysql argument must be a valid connection handler. Any unused SSL arguments may be given as NULL.

Return Values

This function always returns 0. If SSL setup is incorrect, a subsequent mysql_real_connect() call returns an error when you attempt to connect.

Enforcing an Encrypted Connection

mysql_ssl_set() specifies SSL information such as certificate and key files for establishing a secure connection if such connections are available, but does not enforce any requirement that the connection obtained be secure. To require an encrypted connection, the standard MySQL client programs use the following technique, which can also be used by third-party applications:

  1. If the --ssl-mode=REQUIRED command-line option was specified, turn on SSL by calling mysql_ssl_set() to supply the appropriate SSL values. In addition, call mysql_options(), passing the MYSQL_OPT_SSL_MODE option with a value of SSL_MODE_REQUIRED. If the mysql_options() call fails, exit with an error.

  2. Call mysql_real_connect() to connect to the server. The call fails if an encrypted connection cannot be obtained.

User Comments
Sign Up Login You must be logged in to post a comment.