1

我正在尝试与我的 Amazon Web Service RDS 实例建立安全的 SSL 连接。

已创建具有以下权限的用户“ericencrypt”:

CREATE USER 'ericencrypt'@'%' identified by 'xxxxxx';
GRANT SELECT ON table1.* TO 'ericencrypt'@'%' REQUIRE SSL;

MySQL Workbench - 成功

我可以使用 MySQL Workbench 连接到我的这个,将 SSL CA 文件指定为从亚马逊下载的 rds-combined-ca-bundle.pem http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide /CHAP_MySQL.html#MySQL.Concepts.SSLSupport

Python - 成功

我还可以使用相同的 SSL CA 组合捆绑 pem 文件在 python 上建立 SSL 连接。

C++ - 失败

问题是当我尝试在我的 C++ 项目中运行此代码时,我收到“用户 'ericencrypt'@'12.159.10.49'(使用密码:YES)的访问被拒绝”错误

MYSQL *conn;


char *server = "pkcloudwest.xxxxxxxxx.us-west-1.rds.amazonaws.com";
char *user = "ericnotencrypt";
char *password = "xxxxxx";
char *database = "table1";
int port = 0;
conn = mysql_init(NULL);


mysql_ssl_set(conn, NULL, NULL, "rds-combined-ca-bundle.pem", NULL, NULL )

if( !mysql_real_connect(conn, server, user, password, database, port, NULL, 0) )
  qDebug() << "could not connect: " << mysql_error(conn);

mysql_ssl_set 的文档:https ://dev.mysql.com/doc/refman/5.5/en/mysql-ssl-set.html 说调用 mysql_ssl_set 将为 mysql_real_connect 设置 CLIENT_SSL 标志

我还创建了另一个不需要 SSL 并且能够连接到它的用户

CREATE USER 'ericnotencrypt'@'%' identified by 'xxxxx';
GRANT SELECT ON table1.* TO 'ericnotencrypt'@'%';


MYSQL *conn;


char *server = "pkcloudwest.xxxxxxxxx.us-west-1.rds.amazonaws.com";
char *user = "ericencrypt";
char *password = "xxxxxx";
char *database = "table1";
int port = 0;
conn = mysql_init(NULL);


//mysql_ssl_set(conn, NULL, NULL, "rds-combined-ca-bundle.pem", NULL, NULL )

if( !mysql_real_connect(conn, server, user, password, database, port, NULL, 0) )
  qDebug() << "could not connect: " << mysql_error(conn);
4

0 回答 0