Description:
Manual. 5.9.7.3. Using SSL Connections with yaSSL
---------------------
To start the MySQL server with yaSSL support, use the same options as with OpenSSL support and identify the certificates needed to establish a secure connection:
shell> mysqld --ssl-ca=cacert.pem \
--ssl-cert=server-cert.pem \
--ssl-key=server-key.pem
--ssl-ca identifies the Certificate Authority certificate.
--ssl-cert identifies the server certificate.
--ssl-key identifies the client certificate. >>>Should be: identifies the server private key
---------------------
To establish a secure connection to a MySQL server with yaSSL support, start a client like this:
shell> mysql --ssl-ca=cacert.pem \
--ssl-cert=server-cert.pem \ >>>Should be: --ssl-cert=client-cert.pem \
--ssl-key=server-key.pem >>>Should be: --ssl-key=client-key.pem
In other words, the options are the same as for the server, and the Certificate Authority certificate has to be the same.
>>>Should be: In other words, the options are similar to those for the server, and the Certificate Authority certificate has to be the same.
----------------------
The server key and certificate work for the client, but this is a security bug - CLIENT HAS SERVER PRIVATE KEY !!!
How to repeat:
Read manual v.5.0.21 (*.chm): 5.9.7.3. Using SSL Connections with yaSSL
Suggested fix:
Change the manual using the text that follows ">>>Should be:" in the Description.
If this part is corrected, I think there is reason to add some info:
Version from which YaSSL is included:
-------------
Currently, yaSSL support is available for these platforms:
Linux/x86-64 Red Hat Enterprise 3.0 (...)
Linux RHAS21 Itanium-2 with gcc, statically linked (...)
Linux Itanium-2 with gcc (...)
Windows (all builds) (YaSSL is present in the binary distribution from v.5.0.20a)
-------------
How to check that YaSSL works:
-------------
To check whether a running mysqld server supports YaSSL, same as for OpenSSL, examine the value of the have_openssl system variable.
-------------
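
A check for the mistake this report describes, added here as an example and not taken from the report or the MySQL manual: it reads an option file and flags any [client] ssl-key or ssl-cert that is the server's own file, whether by path or as a renamed copy. Assumptions: both groups sit in one option file, relative paths are resolved beside that file, and the .pem contents and option files in demo() are constructed placeholders.

```python
import configparser
import tempfile
from pathlib import Path

def _same_file(a, b):
    """True when both paths are one file, or readable copies with identical bytes."""
    if a.resolve() == b.resolve():
        return True
    try:
        return a.read_bytes() == b.read_bytes()
    except OSError:
        return False

def shared_server_credentials(option_file):
    """List the SSL options whose [client] file is the server's own file."""
    cfg = configparser.ConfigParser(allow_no_value=True, interpolation=None, strict=False)
    cfg.optionxform = lambda n: n.lower().replace("_", "-")  # ssl_key == ssl-key in MySQL
    cfg.read(option_file)
    base = Path(option_file).parent  # assumption: relative paths sit beside the option file
    shared = []
    for opt in ("ssl-key", "ssl-cert"):
        server = cfg.get("mysqld", opt, fallback=None)
        client = cfg.get("client", opt, fallback=None)
        if server and client and _same_file(base / server, base / client):
            shared.append(opt)
    return shared

def demo():
    """Build constructed option files and placeholder .pem files, then check each."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        for name in ("server-cert", "server-key", "client-cert", "client-key"):
            (d / f"{name}.pem").write_text(f"constructed placeholder for {name}\n")
        (d / "copied-key.pem").write_text((d / "server-key.pem").read_text())
        server = "[mysqld]\nssl-ca=cacert.pem\nssl-cert=server-cert.pem\nssl-key=server-key.pem\n"
        cases = {
            "as_documented": "[client]\nssl-ca=cacert.pem\nssl-cert=server-cert.pem\nssl-key=server-key.pem\n",
            "corrected": "[client]\nssl-ca=cacert.pem\nssl-cert=client-cert.pem\nssl-key=client-key.pem\n",
            "renamed_copy": "[client]\nssl_cert=client-cert.pem\nssl_key=copied-key.pem\n",
        }
        results = {}
        for label, client in cases.items():
            path = d / f"{label}.cnf"
            path.write_text(server + client)
            results[label] = shared_server_credentials(path)
        return results

if __name__ == "__main__":
    print(demo())
```

A non-empty result for ssl-key means the server private key has been distributed to a client and should be replaced with a key pair issued for that client.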