If this is any help, SOGo uses the MySQL library and this method to set the SSL:
https://dev.mysql.com/doc/c-api/5.7/en/mysql-ssl-set.html
mysql_ssl_set(MYSQL *mysql,
const char *key, -> MySQL4SSLKeyPath
const char *cert, -> MySQL4SSLCertPath
const char *ca, -> MySQL4SSLCaPath
const char *capath, -> Null
const char *cipher) -> Null
Quentin
-----Original Message-----
From: [email protected] <[email protected]> On Behalf Of Thomas Gebert
Sent: Friday, 7 February 2025 15:58
To: [email protected]
Subject: Re: [SOGo] SOGo doesn't use TLS with mariadb
Hello,
thanks for the fast reply.
These two files would be the certificate of the sogo machine.
But I haven't configured client certificates for mariadb.
But I will try it ...
Greetings
Thomas
On 2/7/25 15:53, qhivert ([email protected]) wrote:
> Hello,
> Have you tried by adding those too?
>
> MySQL4SSLKeyPath = "/etc/certs/default_key.key";
> MySQL4SSLCertPath = "/etc/certs/default_cert.crt";
>
> Quentin
>
> -----Original Message-----
> From: [email protected] <[email protected]> On Behalf Of
> Thomas Gebert
> Sent: Friday, 7 February 2025 15:43
> To: [email protected]
> Subject: [SOGo] SOGo doesn't use TLS with mariadb
>
> Hello,
>
> I have set up a mariadb server tgt-db01.cluster.lxc (10.0.3.45) with
>
> =========================================
> [mariadb]
> bind-address=*
> port = 3306
>
> max_allowed_packet = 32M
> max_connections = 800
>
> log-bin # enable binary logging
>
> ## SSL settings
> ssl_cert = /etc/certs/default_cert.crt
> ssl_key = /etc/certs/default_key.key
> ssl_ca = /etc/certs/ca_chain.crt
> require_secure_transport=ON
>
> [client-mariadb]
> ssl_ca = /etc/certs/ca_chain.crt
> ssl-verify-server-cert = TRUE
> =========================================
>
> SOGo is configured:
>
> /* Database */
> SOGoProfileURL =
> "mysql://sogo:[email protected]:3306/sogo/sogo_user_profile";
> OCSFolderInfoURL =
> "mysql://sogo:[email protected]:3306/sogo/sogo_folder_info";
> OCSSessionsFolderURL =
> "mysql://sogo:[email protected]:3306/sogo/sogo_sessions_folder";
> OCSEMailAlarmsFolderURL =
> "mysql://sogo:[email protected]:3306/sogo/sogo_alarms_folder";
>
> MySQL4SSLEnabled = YES;
> MySQL4SSLCaPath = "/etc/certs/ca_chain.crt";
>
> But when I test the connection with tcpdump I can only see a plain login
> connection.
>
> Can anybody see what is wrong?
>
> I double checked the (self-signed) certificates ...
>
> When I change the setting require_secure_transport for mariadb to OFF and
> restart the instance sogo can connect.
>
> To make it clear, I want to set up TLS for the server side but until now I
> don't want a client certificate.
>
> I don't understand why it doesn't work.
>
> Greetings
>
> Thomas
>
> --
> Heinlein Consulting GmbH
> Schwedter Str. 8/9b, 10119 Berlin
>
> https://www.heinlein-support.de
>
> Tel: 030 / 40 50 51 - 0
> Fax: 030 / 40 50 51 - 19
>
> Amtsgericht Berlin-Charlottenburg - HRB 220009 B
> Managing Director: Peer Heinlein - Registered office: Berlin
>
--
Heinlein Consulting GmbH
Schwedter Str. 8/9b, 10119 Berlin
https://www.heinlein-support.de
Tel: 030 / 40 50 51 - 0
Fax: 030 / 40 50 51 - 19
Amtsgericht Berlin-Charlottenburg - HRB 220009 B
Managing Director: Peer Heinlein - Registered office: Berlin
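
Added example, not part of the original thread and not SOGo or MariaDB code: a way to read the tcpdump observation above by classifying the first client packet after the server greeting. A client that wants TLS sends a 32-byte SSLRequest with the CLIENT_SSL capability bit set, followed by a TLS record; a plain login carries the user name in the clear. Function names are hypothetical and the sample bytes are constructed.

```python
import struct

CLIENT_PROTOCOL_41 = 0x00000200
CLIENT_SSL = 0x00000800  # capability bit the client sets to request TLS

def classify_client_stream(stream: bytes) -> dict:
    """Inspect the client->server bytes that follow the server greeting."""
    if len(stream) < 4:
        raise ValueError("short packet header")
    length = int.from_bytes(stream[:3], "little")  # 3-byte payload length
    seq = stream[3]                                # 1-byte sequence id
    payload, rest = stream[4:4 + length], stream[4 + length:]
    if length < 32 or len(payload) < length:
        raise ValueError("truncated or not a 4.1 handshake packet")
    caps, _max_packet, _charset = struct.unpack_from("<IIB", payload)
    out = {"seq": seq, "client_ssl": bool(caps & CLIENT_SSL),
           "user": None, "tls_record_follows": False}
    if length == 32 and out["client_ssl"]:
        # SSLRequest: only the fixed 32-byte header, then a TLS handshake record
        out["verdict"] = "tls-requested"
        out["tls_record_follows"] = rest[:2] == b"\x16\x03"
    else:
        # Full login packet in the clear: NUL-terminated user name at offset 32
        end = payload.find(b"\x00", 32)
        name = payload[32:end] if end != -1 else payload[32:]
        out["user"] = name.decode("utf-8", "replace")
        out["verdict"] = "plaintext-login"
    return out

# Constructed sample data (assumption: not captured from the poster's hosts)
def _packet(seq: int, payload: bytes) -> bytes:
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload

def _header(caps: int) -> bytes:
    # capability flags, max packet size, charset id, 23 filler bytes = 32 bytes
    return struct.pack("<IIB", caps, 1 << 24, 45) + bytes(23)

PLAIN = _packet(1, _header(CLIENT_PROTOCOL_41) + b"sogo\x00\x14" + bytes(20))
TLS = _packet(1, _header(CLIENT_PROTOCOL_41 | CLIENT_SSL)) + b"\x16\x03\x01\x00\x05hello"

if __name__ == "__main__":
    for label, data in (("plain", PLAIN), ("tls", TLS)):
        print(label, classify_client_stream(data))
```

A "plaintext-login" verdict on port 3306 means the client never asked for TLS, which is what require_secure_transport=ON rejects.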