curl / Mailing Lists / curl-users / Single Mail

Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: Verify CA Certificate on MariaDB/MySQL

From: Dan Fandrich via curl-users <curl-users_at_cool.haxx.se>
Date: Tue, 14 Apr 2020 13:28:43 +0200

On Tue, Apr 14, 2020 at 01:08:52PM +0200, mai8Iex5 via curl-users wrote:
> Is it possible to verify a ca certificate of a MariaDB or MySQL instance
> with curl/libcurl?
>
> I'm looking for something similar as:
> openssl s_client -connect srv.addr.tld:3306 -starttls mysql -showcerts
> -CAfile ./ca.pem -partial_chain
>
> So far I tried the following curl command:
> curl -Iv srv.addr.tld:3306 --ssl-reqd --cacert ./ca.pem
>
> ...but the output lacks the whole TLS stuff.

MySQL doesn't use raw TLS on the wire for its encrypted connections. Instead,
it performs a protocol handshake in the MySQL layer to enable TLS before it
starts to be used. That's similar to FTP or SMTP which use AUTH TLS and
STARTTLS respectively to enable TLS, and that's what the -starttls argument in
the s_client command does. curl doesn't support the MySQL protocol so it can't
do this.
-----------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-users
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2020-04-14

This message: [ Message body ]
Next message: Michael Baentsch via curl-users: "--curves parameter ?"
Previous message: mai8Iex5 via curl-users: "Verify CA Certificate on MariaDB/MySQL"
In reply to: mai8Iex5 via curl-users: "Verify CA Certificate on MariaDB/MySQL"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]