我正在尝试与我的Amazon Web Service RDS实例建立安全的SSL连接。
使用以下权限创建了用户'ericencrypt':
CREATE USER 'ericencrypt'@'%' identified by 'xxxxxx';
GRANT SELECT ON table1.* TO 'ericencrypt'@'%' REQUIRE SSL;
MySQL Workbench - 成功
我可以使用MySQL Workbench连接到我的这个,将SSL CA文件指定为从亚马逊下载的rds-combined-ca-bundle.pem http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.SSLSupport
Python - 成功
我也可以使用相同的SSL CA组合bundle pem文件在python上建立SSL连接。
C ++ - 失败
问题是当我尝试在我的C ++项目中运行此代码时,我得到了一个 '访问被拒绝用户'ericencrypt'@'12.159.10.49'(使用密码:是)'错误
MYSQL *conn;
char *server = "pkcloudwest.xxxxxxxxx.us-west-1.rds.amazonaws.com";
char *user = "ericnotencrypt";
char *password = "xxxxxx";
char *database = "table1";
int port = 0;
conn = mysql_init(NULL);
mysql_ssl_set(conn, NULL, NULL, "rds-combined-ca-bundle.pem", NULL, NULL )
if( !mysql_real_connect(conn, server, user, password, database, port, NULL, 0) )
qDebug() << "could not connect: " << mysql_error(conn);
mysql_ssl_set的文档:https://dev.mysql.com/doc/refman/5.5/en/mysql-ssl-set.html 说调用mysql_ssl_set会为mysql_real_connect设置CLIENT_SSL标志
我还创建了另一个不需要SSL并且能够连接到它的用户
CREATE USER 'ericnotencrypt'@'%' identified by 'xxxxx';
GRANT SELECT ON table1.* TO 'ericnotencrypt'@'%';
MYSQL *conn;
char *server = "pkcloudwest.xxxxxxxxx.us-west-1.rds.amazonaws.com";
char *user = "ericencrypt";
char *password = "xxxxxx";
char *database = "table1";
int port = 0;
conn = mysql_init(NULL);
//mysql_ssl_set(conn, NULL, NULL, "rds-combined-ca-bundle.pem", NULL, NULL )
if( !mysql_real_connect(conn, server, user, password, database, port, NULL, 0) )
qDebug() << "could not connect: " << mysql_error(conn);