Updating MySQL4 for SSL support

[roskopfj]

Are there any Cpanel friendly instructions for updating MySQL for SSL support? I've got a new CPanel/WHM installation with the default MySQL4 installation, which aparrently doesn't include SSL support. These are the instructions that the application developer sent me for updating MySQL for SSL support. Does anyone know if these are Cpanel friendly? I don't want to break anything and still want to be able to control MySQL through cpanel.

The distributed binaries DO NOT have SSL support. If you start a server
and execute the command 'SHOW VARIABLES LIKE "%ssl%" and it returns have_openssl = 'false' ( NO ) ,
you will have to re-compile Mysql. Currently, I believe the only SSL support in Mysql is through OpenSSL,
so unless you have OpenSSL installed on your system you'll have to wait for a future release.

1) Download and unpack the Mysql source tarball. CD to the directory where you unpacked it.

2) Before you start compiling Mysql, you may have to change the configure script depending on
where you have OpenSSL installed, or Mysql won't find the OpenSSL library.
configure only checks the following directories looking for openssl/ssl.h:
/usr/ssl/include /usr/local/ssl/include /usr/include /usr/include/ssl /opt/ssl/include /opt/openssl/include /usr/local/ssl/include /usr/local/include

and these directories for libssl.a:
/usr/ssl/lib /usr/local/ssl/lib /usr/lib/openssl /usr/lib /opt/ssl/lib /opt/openssl/lib /usr/local/lib/

If Mysql doesn't find OpenSSL in one of these directories, it won't compile with support for OpenSSL,
but if you don't notice the error message, you won't find out until you've finished compiling and start up
your server. Compiling mysql with the option --with-openssl=/path/to/openssl fails, because the configure
script only handles the values --with-openssl[=yes] or --with-openssl=no and not a path, so the behavior
is unspecified and it does nothing (this probably should be submitted as a bug report). If you have OpenSSL
installed anywhere else, you will have to edit the file named configure in the source directory. It searches for
OpenSSL starting at line 20863 (in version 4.0.12) -- just add the path to where you have OpenSSL installed
(line 20879 for the include directory and line 20887 for the lib directory).

[roskopfj]

Has anyone managed to get SSL enabled in MySQL and still have it work with CPanel?

[anup123]

Post it on feature request in bugzilla. Unless your request gets a big poll in favour of it, it would just lie burried deep amidst other feature requests.

OR

Could check on this if it interests you

http://www.stunnel.org/examples/mysql.html

Anup

[Blue|Fusion]

You can compile MySQL from source and enable SSL support. Just backup /var/lib/mysql directory, uninstall the MySQL RPMs, compile the source, and then move /var/lib/mysql back into place. Once done, you should have SSL support, and cPanel shouldn't have any problems connecting as it's not a forced SSL connection.

[cPanelBilly]

ok well I had a lil bit of free time on my hands.
Make sure you have openssl-devel install

Code:

/scripts/ensurerpm openssl-devel

Then get all of the files here:
http://billyvierra.com/mysql/

put them into their own directory.

then install them all with the following

Code:

rpm -Uvh --force *.rpm

All should go well and you should get the following:

Code:

mysql> show variables like "%ssl%";
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| have_openssl  | YES   |
+---------------+-------+
1 row in set (0.02 sec)

Now please remember this is not part of cPanel, this is something I did myself on my off time today.

[roskopfj]

Thanks cpanelbilly

[roskopfj]

This is what I get when I try to install them... is --force not working correctly here? I'm running RedHat EL3

rpm -Uvh --force *.rpm
error: Failed dependencies:
libmysqlclient.so.10 is needed by (installed) perl-DBD-MySQL-2.1021-3
libmysqlclient.so.10 is needed by (installed) libdbi-dbd-mysql-0.6.5-5
libmysqlclient.so.10 is needed by (installed) MySQL-python-0.9.1-6
libmysqlclient.so.10 is needed by (installed) MyODBC-2.50.39-12

[dgbaker]

Try installing the client one by itself then do the others

rpm -Uvh --force MySQL-client-4.1.10a-0.i386.rpm

[roskopfj]

Alright, that did work, MySQL is updated from the RPM's above and it's running, however when the user goes to https://theapplication they're still getting popups from Internet Explorer that say:

"This page contains both secure and nonsecure items. Do you want to display the nonsecure items?"

[Blue|Fusion]

That's probobly because any images linked from other sites are not over https, but just http.

[roskopfj]

I think those rpm's might not be stable... Since I installed them my whole server crashes every day and a half or so.

[krisdv]

Then get all of the files here:
http://billyvierra.com/mysql/

Where can i find these files please.

Can you send me how you did create it to zxr750@citap.com

I mean what are the default compile options that CPANEL uses for compiling mysql.

Or can i add in the default setup of cpanel the --ssl option for mysql?

What do i need to do when cpanel lateron updates mysql so that the new version still will compiled with the --ssl option?


-- Alex