MySQL SSL settings do not always require the sslkey option
Reported by Micah Wedemeyer | May 25th, 2008 @ 09:58 PM
Using the MySQL SSL settings in database.yml is conditional on there being an 'sslkey' option set. While this is sometimes the case, it's not always necessary. In many cases the only required option to set is the 'sslca' (certificate authority) file. This file is always required, even when the 'sslkey' option is also set.
Taken straight from the MySQL docs at: http://dev.mysql.com/doc/refman/...
If the account has no special SSL requirements or was created using a GRANT statement that includes the REQUIRE SSL option, a client can connect securely by using just the --ssl-ca option:
The patch just changes the conditional to check if 'sslca' is set instead of looking for 'sslkey'.
I have tested this on my local setup using only the sslca option. The connection worked fine and was being encrypted correctly (ie. I could see the SSL cipher when running the command 'SHOW STATUS LIKE 'Ssl_cipher';')
I apologize if the git patch is not correctly formatted. This is my first experience with git.
Comments and changes to this ticket
-
Pratik May 25th, 2008 @ 10:38 PM
- → Title changed from “[PATCH] MySQL SSL settings do not always require the sslkey option” to “MySQL SSL settings do not always require the sslkey option”
-
Micah Wedemeyer May 25th, 2008 @ 11:00 PM
I forgot to update the comments to add the sslca option. It's actually been in the code for a while, but never made it into the comments.
Attaching a patch with the updated comments.
-
Repository July 12th, 2008 @ 03:01 AM
- → Tag changed from “” to “activerecord patch ssl”
- → State changed from “new” to “resolved”
(from [5e2e1ed9ffc481a91596d8c3fd9a68d7977e75ca]) Ensure MysqlAdapter allows SSL connection when only sslca is supplied. [#253 state:resolved]
Signed-off-by: Pratik Naik
Please Login or create a free account to add a new comment.
You can update this ticket by sending an email to from your email client. (help)
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile »
Source available from github
The Git repository resides at http://github.com/rails
Check out the current development trunk (Edge Rails) with:
git clone git://github.com/rails/rails.git
Creating or reviewing a patch
See the contributor guide.
Creating a feature request
Please don't. If you want a new feature in Rails, you'll have to pull up your sleeves and get busy yourself. Or convince someone else to do it. See the contributor guide on how to get going. But posting them here is just going to lead to ticket root.
Creating a bug report
When creating a bug report, be sure to include as much relevant information as possible. Post the code sample that causes the problem. Preferably, alter the unit tests and show through either changed or added tests how the expected behavior is not occuring.
Security vulnerabilities should be reported via an email to security@rubyonrails.org, do not use trac for reporting security vulnerabilities. All content in trac is publicly available as soon as it is posted.
Then don't get your hopes up. Unless you have a "Code Red, Mission Critical, The World is Coming to an End" kinda bug, you're creating this ticket in the hope that others with the same problem will be able to collaborate with you on solving it. Do not expect that the ticket automatically will see any activity or that others will jump to fix it. Creating a ticket like this is mostly to help yourself start on the path of fixing the problem and for others to sign on to with a "I'm having this problem too".
