That’s possible, but given the call to mysql_optionsv(MYSQL_READ_DEFAULT_FILE) it should be.  Let me confirm that with strace…

 

Huh.  Thank you.  You’re right.  It reads shared libs, nsswitch and misc other system data, and openssl.cnf.  Never opens my.cnf.

 

The library is part of a mariadb 10.6.14 installation on the client, and the server seems to be 10.5.21.  I don’t know what version of “connector/C” is included with mariadb 10.6.14.  Do those map directly?

 

 

From: Sergei Golubchik <serg@mariadb.org>
Date: Thursday, July 25, 2024 at 02:37
To: Chris Ross (cross2) <cross2@cisco.com>
Cc: discuss@lists.mariadb.org <discuss@lists.mariadb.org>
Subject: Re: [MariaDB discuss] mariadb connector/c client not using SSL

Hi, Chris,

It seems that your concern is not "cannot connect with SSL", but "my
application doesn't read the config file". You can verify the latter
with strace or, easier, by adding some invalid option to the config file
and see if there'll be a failure.

Also, what is connector c version and the server version?
3.3 and 10.6?

Regards,
Sergei
Chief Architect, MariaDB Server
and security@mariadb.org

On Jul 24, Chris Ross (cross2) via discuss wrote:
> Hey there.  I am trying to get a local application which uses the
> mariadb client library to connect to a server with SSL.
>
> On my client system, I have added “ssl-ca” and
> “ssl-verify-server-cert” to the [client] section of my my.cnf.  I can
> see these in effect with both “mariadb --help” and with
> “my_print_defaults client”.  And, using mariadb client itself with all
> of the right connection parameters (host/port/username/port/schema) it
> connects just fine.
>
> However, a program of mine which uses mysql_real_connect() fails,
> reporting “Access denied for user ‘foo’@’ip’ (using password: YES)”.
> This is, I assume, because the user on the database side requires ssl,
> and my client is not using ssl.
>
> I’ve added:
>
>
>    (void)mysql_optionsv(conn, MYSQL_READ_DEFAULT_FILE, NULL);
>
> Into my sources before calling mysql_real_connect().  I thought that
> would make it pull the params from the config file, and all should be
> good.  But, that’s clearly not enough.
>
> Can someone help me figure out what I’m missing?  Thank you.