Bug #2343 SSL without client certificate, and/or using system API for certificates
Submitted: 10 Jan 2004 0:19 Modified: 5 Dec 2007 18:55
Reporter: Nikolay Mirin Email Updates:
Status: Verified Impact on me:
Category:MySQL Server: C API (client library) Severity:S4 (Feature request)
Version: OS:Any
Assigned to: CPU Architecture:Any

[10 Jan 2004 0:19] Nikolay Mirin
SSL support looks fine, but it would be much better if
mysql library allows anonymous client connections,
when the client doesn't provide any certificate,
just checks that of the server.
This is because, for example, one has to
keep the client key unencrypted, otherwise a 
password is requested upon a connection, which is OK
for console applications, but it cannot be accepted
for GUI.
Another idea is to combine ssl features with Microsoft
crypto-API. This will allow using windows
certificate storages, without ugly external PEM files.
At least I was able to perform such things with
Postgres client library.

How to repeat:
[28 Jan 2006 12:34] Valeriy Kravchuk
Thank you for a useful feature request(s).
[28 Jan 2006 12:46] Valeriy Kravchuk
Bug #2233 is marked as a duplicate (of the first, non Windows related) part of this feature request.
[5 Jan 2007 9:58] Axel Schwenke
Using SSL connection without any certificate on the client is actually possible with certain versions of MySQL and/or openssl. But it always fails with yassl. I suggest to fix this misbehaviour for both SSL implementations!
[5 Jan 2007 9:59] Axel Schwenke
There is related bug #25309 re openssl/version problems.