# MySQL compiled with SSL



## oobayly (Sep 24, 2009)

I'm having some issues compiling MySQL with SSL support enabled.

Using:
7.2-RELEASE FreeBSD (GENERIC kernel)
mysql-server-5.1.39
mysql-client-5.1.39
openssl-0.9.8k_5

I've added the following /etc/make.conf

```
# Always compile MySQL with SSL, Optimized & Statically compiled
.if ${.CURDIR:M*/database/mysql*}
  WITH_OPENSSL=yes
  BUILD_OPTIMIZED=yes
  BUILD_STATIC=yes
.endif
```

However, when I use portupgrade to upgrade MySQL server & client, or build the ports using *WITH_OPENSSL=yes* they both report that they haven't been built with OpenSSL:


```
mysql> show variables like '%ssl%';
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| have_openssl  | NO    |
| have_ssl      | NO    |
| ssl_ca        |       |
| ssl_capath    |       |
| ssl_cert      |       |
| ssl_cipher    |       |
| ssl_key       |       |
+---------------+-------+
7 rows in set (0.00 sec)
```


```
# mysql --ssl-ca=cacert.pem
mysql: unknown variable 'ssl-ca=cacert.pem'
```

Reading the MySQL documentation at:
http://dev.mysql.com/doc/refman/5.1/en/secure-using-ssl.html
It says the following:


> Building MySQL using OpenSSL requires a shared OpenSSL library, otherwise linker errors occur.


However, I can't see any options for that when I look at the make options for openssl.

Any suggestions as to what I'm doing wrong.


----------



## SirDice (Sep 24, 2009)

If I read this bit correctly:

```
.if defined(WITH_OPENSSL)
.if !defined(WITHOUT_YASSL)
CONFIGURE_ARGS+=--with-ssl=bundled
.else
USE_OPENSSL=	yes
CONFIGURE_ARGS+=--with-ssl=${OPENSSLBASE}
.endif
.endif
```

Using WITH_OPENSSL will build it with the bundled libraries. If you don't supply WITH_OPENSSL and openssl is already installed it will use the openssl libraries.


----------



## oobayly (Sep 24, 2009)

Admittedly, my knowledge of Makefiles is pretty poor, but surely this bit (my indentation):

```
.if defined(WITH_OPENSSL)
	.if !defined(WITHOUT_YASSL)
		CONFIGURE_ARGS+=--with-ssl=bundled
	.else
		USE_OPENSSL=    yes
		CONFIGURE_ARGS+=--with-ssl=${OPENSSLBASE}
	.endif
.endif
```
means that the USE_OPENSSL and CONFIGURE_ARGS variables will only be set/appended to when the WITH_OPENSSL variable is set and the WITHOUT_YASSL is set?

:i Am just trying to compile with *USE_OPENSSL=yes WITHOUT_YASSL=yes*
Of course, I may just find that I'm wasting my time doing this :\


----------



## SirDice (Sep 24, 2009)

oobayly said:
			
		

> means that the USE_OPENSSL and CONFIGURE_ARGS variables will only be set/appended to when the WITH_OPENSSL variable is set and the WITHOUT_YASSL is set?
> 
> :i Am just trying to compile with *USE_OPENSSL=yes WITHOUT_YASSL=yes*
> Of course, I may just find that I'm wasting my time doing this :\



Yeah, I think I read it a bit too quick. Don't use USE_OPENSSL though. Use WITH_OPENSSL and WITHOUT_YASSL.


----------



## oobayly (Sep 29, 2009)

Completely forgot to add a follow up.



> Don't use USE_OPENSSL though


Ah, the dangers of copying and pasting, I did mean WITH_OPENSSL, honest!

I compiled MySQL using *WITH_OPENSSL=yes WITHOUT_YASSL=yes* and it did the job perfectly.

Unfortunately, when I did a simple make, it didn't appear to use the variables set in /etc/make.conf

```
# Always compile MySQL with SSL, Optimized & Statically compiled
.if ${.CURDIR:M*/database/mysql*}
  WITH_OPENSSL=yes
  WITHOUT_YASSL=yes
  #BUILD_OPTIMIZED=yes
.endif
```
It's also not using the variables when I execute the following

```
portupgrade -f mysql-server
```


----------



## DutchDaemon (Sep 29, 2009)

> ```
> .if ${.CURDIR:M*/database/mysql*}
> ```



It's database*s*.


----------



## oobayly (Sep 29, 2009)

> It's database*s*.


<Smacks head on desk> I'm going to take up gardening as a full time job.

Thanks.


----------

