Sannis / node-mysql-libmysqlclient

Asynchronous MySQL binding for Node.js
http://sannis.github.com/node-mysql-libmysqlclient

Use SSL connection #152

Closed Tamiyadd closed 12 years ago

Tamiyadd commented 12 years ago

Hi, I'm trying to make an SSL connection to a database but I always get an "Error: Not connected" message.

Here is my code:

conn = mysql.createConnectionSync();
conn.connectSync(host, user, password, database)
conn.setSslSync(key, cert, ca, "", "ALL");

The variables for the connection are right.

Am I doing something wrong, or is there another problem?

Thanks for the help.

Sannis commented 12 years ago

I have no tests for SSL connections yet, so I need to check it.

What kind of values are you passing as key, cert, ca?

And I think you should call setSslSync() before realConnect(). See the description in the MySQL docs: http://dev.mysql.com/doc/refman/5.5/en/mysql-ssl-set.html Also, you should run mysqld with --ssl or enable it in my.cnf.

Tamiyadd commented 12 years ago

These are the values I use:

var
  key = "client-key.pem",
  cert = "client-cert.pem",
  ca = "ca-cert.pem";

I've also tried to put the setSslSync() before the connection and I get the same error.

The server that contains the database is running with mysqld --ssl. Do I have to enable mysqld with --ssl on the server where Node.js is running?

Thanks again.

Tamiyadd commented 12 years ago

Any news?

Sannis commented 12 years ago

There was at least one bug in the code that I fixed in master (f7db041e57d8c573038564c0a7332dc53a648903). But I can't reproduce the SSL connection on my laptop.

UPDATE:

The right command sequence:

var conn = cfg.mysql_libmysqlclient.createConnectionSync();

conn.initSync();
conn.setSslSync(key, cert, ca, "", "ALL");
conn.realConnectSync(host, user, password, database);

egorgripasov commented 12 years ago

Any news here? It works fine on Mac, but on Ubuntu I see "SSL connection error: SSL_CTX_new failed". Can this be related to the libmysql-dev or openssl versions?

Sannis commented 12 years ago

I've finished checking on OS X: everything works for me after the fix (f7db041e57d8c573038564c0a7332dc53a648903). I have no Ubuntu box for tests, but I'll try to check this on openSUSE too.

> can this be related with libmysql-dev or openssl versions?

My module uses mysql_config to determine the proper build flags to use the system openssl that is used by the MySQL server. It mostly looks like SSL is disabled on the server side (see, e.g., http://forums.mysql.com/read.php?10,508002,508002).

Can you try to connect using console client?

mysql --ssl-ca=ca-cert.pem --ssl-cert=client-cert.pem --ssl-key=client-key.pem

egorgripasov commented 12 years ago

I have MySQL on a remote server. It was configured properly, because I'm able to create an SSL connection from OS X with your module; I'm also able to connect from Ubuntu using the console client.

But any attempt to connect via the module from Ubuntu gives me that error.

Sannis commented 12 years ago

Can you show me server and client sections of your my.cnf and check server error log for startup errors?

Sannis commented 12 years ago

Also ldd /usr/bin/mysql and ldd path/to/bindings.node would be helpful.

Sannis commented 12 years ago

I forgot ldd path/to/node.

Sannis commented 12 years ago

Move this to next v1.5.0-high-level-options milestone.

egorgripasov commented 12 years ago

Sorry for the delay, I was busy with other work.

The problem we ran into was in the cipher settings. If the list of permissible ciphers is 'ALL', that works fine on Mac, but for some odd reason doesn't work on Ubuntu. But when this list contains a defined cipher (AES256-SHA in our case), that works fine on both Mac and Ubuntu.

Sannis commented 12 years ago

Thanks, Egor!

sand123 commented 7 years ago

Node 0.11, changing

conn.setSslSync(key, cert, ca, "", "ALL"); 

to

conn.setSslSync(key, cert, ca, null, null);

solved connection error 2026.

Full example:

// The module's package name on npm.
var mysql = require('mysql-libmysqlclient');

var conn = mysql.createConnectionSync();
conn.initSync();
// null for capath and cipher leaves both at the client library's defaults.
conn.setSslSync(config.key, config.cert, config.ca, null, null);
conn.realConnectSync(config.ip, config.user, config.passwd, config.db);
if (conn.connectedSync()) {
    console.log("OK");
    conn.closeSync();
} else {
    console.log(conn);
    console.error("FAILED " + conn.connectErrno);
}
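
An added example, not code from this thread or from the project: it wraps the initSync / setSslSync / realConnectSync order given above and then checks the session's Ssl_cipher status value, which is empty on an unencrypted session, so a connection that came up without TLS is rejected. querySync() and fetchAllSync() are methods of the module that the thread does not show; the cfg field names, the stub connection and the sample values are constructed so the block runs without a database.

```javascript
// Added example: the thread's call order plus a post-connect encryption check.
// `conn` is a connection from createConnectionSync(); `cfg` field names are assumed.
function connectTls(conn, cfg) {
  conn.initSync();
  // capath is null; cipher is an explicit list such as "AES256-SHA", or null
  // for the library default (the thread reports "ALL" failing on Ubuntu).
  conn.setSslSync(cfg.key, cfg.cert, cfg.ca, null, cfg.cipher || null);
  conn.realConnectSync(cfg.host, cfg.user, cfg.password, cfg.database);
  if (!conn.connectedSync()) {
    throw new Error('connect failed, errno ' + conn.connectErrno);
  }
  // Ssl_cipher is an empty string on an unencrypted session.
  var res = conn.querySync("SHOW SESSION STATUS LIKE 'Ssl_cipher'");
  var rows = res ? res.fetchAllSync() : [];
  var cipher = rows.length ? rows[0].Value : '';
  var allowed = cfg.cipher ? cfg.cipher.split(':') : null;
  if (!cipher || (allowed && allowed.indexOf(cipher) === -1)) {
    conn.closeSync();
    throw new Error('unexpected session cipher: "' + cipher + '"');
  }
  return cipher;
}

// Constructed stand-in for the native connection so the example runs offline.
// It records the call order and reports `serverCipher` as the negotiated cipher.
function makeStubConn(serverCipher) {
  var calls = [];
  var connected = false;
  return {
    calls: calls,
    connectErrno: 0,
    initSync: function () { calls.push('initSync'); return true; },
    setSslSync: function () { calls.push('setSslSync'); return true; },
    realConnectSync: function () { calls.push('realConnectSync'); connected = true; return true; },
    connectedSync: function () { return connected; },
    querySync: function () {
      return { fetchAllSync: function () {
        return [{ Variable_name: 'Ssl_cipher', Value: serverCipher }];
      } };
    },
    closeSync: function () { calls.push('closeSync'); connected = false; }
  };
}

// Constructed sample configuration (file names from the thread, the rest invented).
var sampleCfg = { key: 'client-key.pem', cert: 'client-cert.pem', ca: 'ca-cert.pem',
                  cipher: 'AES256-SHA', host: 'db.example.test', user: 'app',
                  password: 'placeholder', database: 'appdb' };
var ok = makeStubConn('AES256-SHA');
console.log(connectTls(ok, sampleCfg), ok.calls.join(' -> '));
```

With the real module, pass the object returned by createConnectionSync() in place of the stub.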