Bug #28146 provide SSL-enabled binaries for Linux, NetWare and Win32 platforms
Submitted: 28 Apr 2007 0:33
Modified: 29 Oct 2010 21:09
Reporter: Guenter K
Status: Closed
Category: MySQL Server: General
Severity: S4 (Feature request)
Version: 4.1.x, 5.x
OS: Any
Assigned to:
CPU Architecture: Any
Tags: SSL-aware binaries

[28 Apr 2007 0:33] Guenter K
Description:
It's a real pain that you can download binaries for each and every platform, but when it comes to security then you are lost! I downloaded NetWare and Win32 binary distros, and both seem not to be SSL-enabled; on my SuSE 10.1 box it is the same with the shipping mysql, so currently it seems that at the moment when I want security I have to build from sources....
That is really not OK, and MySQL AB should consider offering SSL-aware binaries on their download pages.

How to repeat:
Add to my.cnf the certs created with the sample shell script:
[client]
ssl-ca=/temp/mysql_ssl/openssl/cacert.pem
ssl-cert=/temp/mysql_ssl/openssl/client-cert.pem
ssl-key=/temp/mysql_ssl/openssl/client-key.pem
[mysqld]
ssl-ca=/temp/mysql_ssl/openssl/cacert.pem
ssl-cert=/temp/mysql_ssl/openssl/server-cert.pem
ssl-key=/temp/mysql_ssl/openssl/server-key.pem

Server doesn't start anymore.

Suggested fix:
provide them!
[28 Apr 2007 7:19] alois winter
I'm an ISP and customers are permanently asking me for direct connection to their mysql databases, so I would also really appreciate it if MySQL AB would provide SSL-enabled binaries for the mentioned platforms, especially for NetWare and SuSE Linux.
[10 Dec 2007 13:32] Mario Brandt
I think it is a good idea to have more secure binaries for those who can't build the binaries themselves (including me).
There are many seminars on the MySQL Dev page about security, but less support from the source itself.
[29 Oct 2010 21:09] Joerg Bruehe
This has been done since long, so this entry is just "for the record".

Novell Netware is not supported any more, this platform is ignored here.

I checked with the current versions of 5.0 (extended support: 5.0.90, 5.0.91), 5.1 (GA: 5.1.51, 5.1.52), and 5.5 (rc: 5.5.6-rc, 5.5.7-rc).
For all these versions, our build test logs show that the binary packages for Linux and for Windows were built including SSL, both community and enterprise (commercial) packages (all configurations).

The only exceptions are the (Linux) packages compiled using the Intel compiler, "icc", because the SSL library used is not compatible with this compiler (some C++ issue), and also the RPMs for x86 linked statically against glibc 2.2.
ICC packages are those tar.gz packages which bear "-icc" in their name, and also the "specific" (for RHEL and SLES) RPMs for the IA64 CPU.

This was introduced long ago, it is not worth the effort to check the archive for the exact versions when this was introduced.
On behalf of the MySQL team, I can just apologize that the change was not noted here.
I'm sorry!

For completeness, a note about other platforms:
In addition to Linux and Windows, SSL is also enabled in the packages for 
Solaris (version 8, 9, or 10 on x86, x86_64, Sparc-32, or Sparc-64),
OS X (version 10.4, 10.5, or 10.6 on x86, x86_64),
and FreeBSD.

Again "for the record":
The fact that the server and client software is SSL-enabled does not mean it will always use SSL - the user/administrator must still provide the necessary certificates and set the appropriate options.
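
The last comment's point, that an SSL-enabled binary still needs its certificate options set, can be checked before a restart. The following is an added example, not part of the bug report or of MySQL's code: it lints my.cnf text for the three ssl-* options used in the report. `audit_ssl_options`, its `path_exists` parameter and the sample text are assumptions made for illustration, and option files that use `!include` directives are not handled.

```python
import configparser
import os

SSL_OPTIONS = ("ssl-ca", "ssl-cert", "ssl-key")

# Constructed sample: the [client] section from the report, and a [mysqld]
# section with ssl-key deliberately left out.
SAMPLE_MY_CNF = """\
[client]
ssl-ca=/temp/mysql_ssl/openssl/cacert.pem
ssl-cert=/temp/mysql_ssl/openssl/client-cert.pem
ssl-key=/temp/mysql_ssl/openssl/client-key.pem
[mysqld]
ssl-ca=/temp/mysql_ssl/openssl/cacert.pem
ssl-cert=/temp/mysql_ssl/openssl/server-cert.pem
"""


def audit_ssl_options(text, sections=("mysqld", "client"),
                      path_exists=os.path.isfile):
    """Return {section: [problems]} for the ssl-* options in my.cnf text."""
    # allow_no_value: option files may hold bare flags with no "=value".
    # strict=False: do not raise on a repeated section or option.
    parser = configparser.ConfigParser(
        allow_no_value=True, strict=False, interpolation=None)
    parser.read_string(text)
    report = {}
    for section in sections:
        # MySQL treats "-" and "_" in option names as interchangeable.
        found = {}
        if parser.has_section(section):
            found = {key.replace("_", "-"): (value or "").strip()
                     for key, value in parser.items(section)}
        problems = []
        for option in SSL_OPTIONS:
            path = found.get(option, "")
            if not path:
                problems.append(option + ": not set")
            elif not path_exists(path):
                problems.append(option + ": file not found: " + path)
        report[section] = problems
    return report


if __name__ == "__main__":
    # path_exists is stubbed so the demo does not depend on local files.
    for section, problems in audit_ssl_options(
            SAMPLE_MY_CNF, path_exists=lambda p: True).items():
        print(section, "OK" if not problems else problems)
```

A clean report only shows that the options are present and point at existing files; it does not show that the binary was built with SSL or that a given connection is encrypted.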