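diff --git a/lib/DBD/mysql.pm b/lib/DBD/mysql.pm
index ec107a6..dc5eb06 100644
--- a/lib/DBD/mysql.pm
+++ b/lib/DBD/mysql.pm
@@ -1162,7 +1162,10 @@ location for the socket than that built into the client.
 A true value turns on the CLIENT_SSL flag when connecting to the MySQL
 database:
 
- mysql_ssl=1
+When enabling SSL encryption you should set also other SSL options,
+at least mysql_ssl_ca_file or mysql_ssl_ca_path.
+
+ mysql_ssl=1 mysql_ssl_verify_server_cert=1 mysql_ssl_ca_file=/path/to/ca_cert.pem
 
 This means that your communication with the server will be encrypted.
 
@@ -1170,21 +1173,54 @@ Please note that this can only work if you enabled SSL when compiling
 DBD::mysql; this is the default starting version 4.034.
 See L<DBD::mysql::INSTALL> for more details.
 
-If you turn mysql_ssl on, you might also wish to use the following
-flags:
+=item mysql_ssl_ca_file
+
+The path to a file in PEM format that contains a list of trusted SSL
+certificate authorities.
+
+When set MySQL server certificate is checked that it is signed by some
+CA certificate in the list. Common Name value is not verified unless
+C<mysql_ssl_verify_server_cert> is enabled.
+
+=item mysql_ssl_ca_path
+
+The path to a directory that contains trusted SSL certificate authority
+certificates in PEM format.
+
+When set MySQL server certificate is checked that it is signed by some
+CA certificate in the list. Common Name value is not verified unless
+C<mysql_ssl_verify_server_cert> is enabled.
+
+Please note that this option is supported only if your MySQL client was
+compiled with OpenSSL library, and not with default yaSSL library.
+
+=item mysql_ssl_verify_server_cert
+
+Checks the server's Common Name value in the certificate that the server
+sends to the client. The client verifies that name against the host name
+the client uses for connecting to the server, and the connection fails if
+there is a mismatch. For encrypted connections, this option helps prevent
+man-in-the-middle attacks.
+
+Verification of the host name is disabled by default.
 
 =item mysql_ssl_client_key
 
-=item mysql_ssl_client_cert
+The name of the SSL key file in PEM format to use for establishing
+a secure connection.
 
-=item mysql_ssl_ca_file
+=item mysql_ssl_client_cert
 
-=item mysql_ssl_ca_path
+The name of the SSL certificate file in PEM format to use for
+establishing a secure connection.
 
 =item mysql_ssl_cipher
 
-These are used to specify the respective parameters of a call
-to mysql_ssl_set, if mysql_ssl is turned on.
+A list of permissible ciphers to use for connection encryption. If no
+cipher in the list is supported, encrypted connections will not work.
+
+ mysql_ssl_cipher=AES128-SHA
+ mysql_ssl_cipher=DHE-RSA-AES256-SHA:AES128-SHA
 
 
 =item mysql_local_infile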
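Review bot: The new paragraph above the `mysql_ssl=1 mysql_ssl_verify_server_cert=1 ...` example tells the reader to set `mysql_ssl_ca_file` or `mysql_ssl_ca_path` but does not say what is lost without them, while the unchanged sentence after the example still promises only that communication "will be encrypted". Going by the new `=item` text, the server certificate is checked against a CA only when one of those options is set, so `mysql_ssl=1` alone presumably gives encryption without server authentication; I would say so, e.g. `Without a CA file or path the server certificate is not validated, so the connection is encrypted but the server's identity is not checked.` In the `mysql_ssl_ca_path` item the sentence copied from `mysql_ssl_ca_file` still reads `CA certificate in the list`; for a directory option `CA certificate in that directory` is accurate. Since host name verification is documented as off by default, the `mysql_ssl_ca_file` and `mysql_ssl_ca_path` items could also state that a certificate issued by a trusted CA for any other host is accepted unless `mysql_ssl_verify_server_cert=1` is set.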