Bug #33897 ODBC Driver 5.1.1 Beta fails to connect using SSL when SSL-Key set on ODBC Dlg
Submitted: 17 Jan 2008 14:47
Modified: 14 Feb 2008 16:39
Reporter: Tony Whyman
Status: Closed
Category: Connector / ODBC
Severity: S2 (Serious)
Version: 5.1.1 Beta
OS: Windows
Assigned to: Jess Balint
CPU Architecture: Any

[17 Jan 2008 14:47] Tony Whyman
Description:
The ODBC driver will only successfully connect using SSL when the ssl-key source is configured into a my.ini file and the ODBC driver told to use a my.cnf file under "FLAGS 3".

If the path to the ssl-key file is set in the ODBC configuration dialog then the connector fails to connect using SSL and fails with an SSL Connect Error.

The ssl-cert and ssl-ca settings appear to be settable in either the my.ini or the ODBC Configuration Dialog with connection possible in either case.

Note: the older ODBC 3.51 driver does not appear to work with SSL even when the above workaround is applied.

How to repeat:
Set up a test system under Windows (I used WinXP Home SP2) with a minimal MySQL Client (no server) and the 5.1.1 ODBC connector (the 3.51 connector was also installed on the test system).

Install the CA and Client PEM encoded certificates and the client key (Openssl generated) in c:\.

Configure c:\my.ini with

[client]
ssl-key=c:\mykey.pem

Use the MS ODBC connection manager to configure an ODBC connection as described above. With no ssl key configured in the dialog, connection should work; with the ssl key configured, connection fails.
[17 Jan 2008 15:17] Tony Whyman
Digging around deeper, I think I found the underlying bug.

When you set an SSL Key in the ODBC dialog, the SSLCIPHER entry in the registry is also set to the path to the SSL Key. Deleting the registry entry SSLCIPHER allows the ODBC driver to work with SSL.

Indeed, setting the SSL Cipher in the ODBC configuration dialog always causes the setting of the SSLKEY entry to be copied to the SSLCIPHER. Looks like a very basic source code typo.
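An added example, not part of the original report or the Connector/ODBC code: a check for DSNs carrying the symptom described above, where SSLCIPHER holds the key path instead of a cipher list. It assumes the DSN settings were exported as text with `reg export` from HKEY_CURRENT_USER\Software\ODBC\ODBC.INI; the DSN names and sample values are constructed.

```python
import re

# Constructed sample in `reg export` text form; DSN names and values are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\ODBC\ODBC.INI\broken_dsn]
"SSLKEY"="c:\\mykey.pem"
"SSLCIPHER"="c:\\mykey.pem"

[HKEY_CURRENT_USER\Software\ODBC\ODBC.INI\good_dsn]
"SSLKEY"="c:\\mykey.pem"
"SSLCIPHER"="DHE-RSA-AES256-SHA"
'''

SECTION = re.compile(r'^\[(.+)\]$')
VALUE = re.compile(r'^"([^"]+)"="(.*)"$')

def parse_reg(text):
    """Return {key_path: {VALUE_NAME: string_value}} for string values."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE.match(line)
        if m and current is not None:
            # .reg files escape backslashes and quotes with a backslash
            current[m.group(1).upper()] = re.sub(r'\\(.)', r'\1', m.group(2))
    return keys

def find_bad_ciphers(text):
    """List (dsn, reason) for DSNs whose SSLCIPHER holds a path, not a cipher list."""
    findings = []
    for path, values in parse_reg(text).items():
        cipher = values.get("SSLCIPHER", "")
        dsn = path.rsplit("\\", 1)[-1]
        if not cipher:
            continue
        if cipher.lower() == values.get("SSLKEY", "").lower():
            findings.append((dsn, "SSLCIPHER equals SSLKEY"))
        elif "\\" in cipher or "/" in cipher:  # cipher lists never contain path separators
            findings.append((dsn, "SSLCIPHER looks like a file path"))
    return findings

if __name__ == "__main__":
    for dsn, reason in find_bad_ciphers(SAMPLE_REG):
        print(f"{dsn}: {reason}")
```

`reg export` writes UTF-16, so decode the file with that encoding before passing its text to `find_bad_ciphers`.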
[17 Jan 2008 16:33] Jess Balint
Index: setupgui/windows/odbcdialogparams.cpp
===================================================================
--- setupgui/windows/odbcdialogparams.cpp       (revision 999)
+++ setupgui/windows/odbcdialogparams.cpp       (working copy)
@@ -254,7 +254,7 @@
     getStrFieldData(&params.sslcert     , 5, IDC_EDIT_sslcert);
     getStrFieldData(&params.sslca       , 5, IDC_EDIT_sslca);
     getStrFieldData(&params.sslcapath   , 5, IDC_EDIT_sslcapath);
-    getStrFieldData(&params.sslcipher   , 5, IDC_EDIT_sslkey);
+    getStrFieldData(&params.sslcipher   , 5, IDC_EDIT_sslcipher);
 }

 void syncTabs(HWND hwnd, DataSource &params)
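Review bot: The corrected line (`getStrFieldData(&params.sslcipher   , 5, IDC_EDIT_sslcipher);`) only changes what is read from the dialog on the next save, so a DSN already stored with the key path in SSLCIPHER keeps that value until the user clears the cipher field or deletes the registry entry, as the reporter did; the changelog entry should say so. The field name and the control id are typed separately on each of these lines, which is how the mismatch got in: a small macro that derives `IDC_EDIT_<name>` from the field name would rule that out, and the code that fills the dialog from `params` (not shown in this hunk) should be checked for the same pairing.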
[23 Jan 2008 21:18] Jess Balint
Patch committed into svn rev1008. Will be released in version 5.1.2.
[14 Feb 2008 16:39] MC Brown
A note has been added to the 5.1.2 changelog: 

The SSLCIPHER option would be incorrectly recorded within the SSL configuration on Windows.