MySQL compiled with SSL

O

oobayly

I'm having some issues compiling MySQL with SSL support enabled.

Using:
7.2-RELEASE FreeBSD (GENERIC kernel)
mysql-server-5.1.39
mysql-client-5.1.39
openssl-0.9.8k_5

I've added the following /etc/make.conf
Code: 
# Always compile MySQL with SSL, Optimized & Statically compiled
.if ${.CURDIR:M*/database/mysql*}
  WITH_OPENSSL=yes
  BUILD_OPTIMIZED=yes
  BUILD_STATIC=yes
.endif

However, when I use portupgrade to upgrade MySQL server & client, or build the ports using WITH_OPENSSL=yes they both report that they haven't been built with OpenSSL:

Code: 
mysql> show variables like '%ssl%';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| have_openssl  | NO    |
| have_ssl      | NO    |
| ssl_ca        |       |
| ssl_capath    |       |
| ssl_cert      |       |
| ssl_cipher    |       |
| ssl_key       |       |
+---------------+-------+
7 rows in set (0.00 sec)

Code: 
# mysql --ssl-ca=cacert.pem
mysql: unknown variable 'ssl-ca=cacert.pem'

Reading the MySQL documentation at:
http://dev.mysql.com/doc/refman/5.1/en/secure-using-ssl.html
It says the following:
Building MySQL using OpenSSL requires a shared OpenSSL library, otherwise linker errors occur.
Click to expand...
However, I can't see any options for that when I look at the make options for openssl.

Any suggestions as to what I'm doing wrong.
 
If I read this bit correctly:
Code: 
.if defined(WITH_OPENSSL)
.if !defined(WITHOUT_YASSL)
CONFIGURE_ARGS+=--with-ssl=bundled
.else
USE_OPENSSL=	yes
CONFIGURE_ARGS+=--with-ssl=${OPENSSLBASE}
.endif
.endif

Using WITH_OPENSSL will build it with the bundled libraries. If you don't supply WITH_OPENSSL and openssl is already installed it will use the openssl libraries.
 
Admittedly, my knowledge of Makefiles is pretty poor, but surely this bit (my indentation):
Code: 
.if defined(WITH_OPENSSL)
	.if !defined(WITHOUT_YASSL)
		CONFIGURE_ARGS+=--with-ssl=bundled
	.else
		USE_OPENSSL=    yes
		CONFIGURE_ARGS+=--with-ssl=${OPENSSLBASE}
	.endif
.endif
means that the USE_OPENSSL and CONFIGURE_ARGS variables will only be set/appended to when the WITH_OPENSSL variable is set and the WITHOUT_YASSL is set?

:i Am just trying to compile with USE_OPENSSL=yes WITHOUT_YASSL=yes
Of course, I may just find that I'm wasting my time doing this :\
 
oobayly said:
means that the USE_OPENSSL and CONFIGURE_ARGS variables will only be set/appended to when the WITH_OPENSSL variable is set and the WITHOUT_YASSL is set?

:i Am just trying to compile with USE_OPENSSL=yes WITHOUT_YASSL=yes
Of course, I may just find that I'm wasting my time doing this :\
Click to expand...

Yeah, I think I read it a bit too quick. Don't use USE_OPENSSL though. Use WITH_OPENSSL and WITHOUT_YASSL.
 
Completely forgot to add a follow up.

Don't use USE_OPENSSL though
Click to expand...
Ah, the dangers of copying and pasting, I did mean WITH_OPENSSL, honest!

I compiled MySQL using WITH_OPENSSL=yes WITHOUT_YASSL=yes and it did the job perfectly.

Unfortunately, when I did a simple make, it didn't appear to use the variables set in /etc/make.conf
Code: 
# Always compile MySQL with SSL, Optimized & Statically compiled
.if ${.CURDIR:M*/database/mysql*}
  WITH_OPENSSL=yes
  WITHOUT_YASSL=yes
  #BUILD_OPTIMIZED=yes
.endif
It's also not using the variables when I execute the following
Code: 
portupgrade -f mysql-server
 
You must log in or register to reply here.
Back
Top