当前位置: 动力学知识库 > 问答 > 编程问答 >

openssl - MySQL SSL connection process

问题描述:

When you connect to MySQL through an SSL connection why do you pass the server side certificates as the parameters? I would have thought that (like with HTTPS) you would have a client side key and then do all the SSL handshakey stuff from there. But when you connect to MySQL with SSL you use:

mysql --ssl-ca=ca-cert.pem --ssl-cert=client-cert.pem --ssl-key=client-key.pem

But the client key is coming from the server but I would have thought it came from the client?

It then leads onto the question about REQUIRE ISSUER (for example). Surely you only have a choice of using the same certificate the server issues so why would you ever need that parameter?

"If the client presents a certificate that is valid but has a different issuer"

How would the client ever present a certificate that was different?

Maybe I'm missing something obvious so apologies if this is a stupid question.

网友答案:

The key here is that the client certificates must be manually copied to the client and used in the connection process. I hope that helps anyone else who didn't find this!

分享给朋友:
您可能感兴趣的文章:
随机阅读: