curl / Mailing Lists / curl-users / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: Verify CA Certificate on MariaDB/MySQL

From: Dan Fandrich via curl-users <>
Date: Tue, 14 Apr 2020 13:28:43 +0200

On Tue, Apr 14, 2020 at 01:08:52PM +0200, mai8Iex5 via curl-users wrote:
> Is it possible to verify a ca certificate of a MariaDB or MySQL instance
> with curl/libcurl?
> I'm looking for something similar as:
> openssl s_client -connect srv.addr.tld:3306 -starttls mysql -showcerts
> -CAfile ./ca.pem -partial_chain
> So far I tried the following curl command:
> curl -Iv srv.addr.tld:3306 --ssl-reqd --cacert ./ca.pem
> ...but the output lacks the whole TLS stuff.

MySQL doesn't use raw TLS on the wire for its encrypted connections. Instead,
it performs a protocol handshake in the MySQL layer to enable TLS before it
starts to be used. That's similar to FTP or SMTP which use AUTH TLS and
STARTTLS respectively to enable TLS, and that's what the -starttls argument in
the s_client command does. curl doesn't support the MySQL protocol so it can't
do this.
Received on 2020-04-14