I found the function now in the source code of sope.

I will check whether I can make it work for me by changing some code.

Kind regards,

Thomas

On 2/7/25 16:04, qhivert ([email protected]) wrote:
If this is any help, SOGo uses the mysql library and this method to set the SSL:
https://dev.mysql.com/doc/c-api/5.7/en/mysql-ssl-set.html

mysql_ssl_set(MYSQL *mysql,
               const char *key,       -> MySQL4SSLKeyPath
               const char *cert,      -> MySQL4SSLCertPath
               const char *ca,         -> MySQL4SSLCaPath
               const char *capath,  -> Null
               const char *cipher)   -> Null

Quentin

-----Original Message-----
From: [email protected] <[email protected]> On Behalf Of Thomas Gebert
Sent: Friday 7 February 2025 15:58
To: [email protected]
Subject: Re: [SOGo] SOGo doesn't use TLS with mariadb

Hello,

Thanks for the fast reply.

These two files would be the certificate of the sogo machine.
But I haven't configured client certificates for mariadb.

But I will try it ...

Greetings

Thomas

On 2/7/25 15:53, qhivert ([email protected]) wrote:
Hello,
Have you tried by adding those too?

MySQL4SSLKeyPath = "/etc/certs/default_key.key";
MySQL4SSLCertPath = "/etc/certs/default_cert.crt";

Quentin

-----Original Message-----
From: [email protected] <[email protected]> On Behalf Of Thomas Gebert
Sent: Friday 7 February 2025 15:43
To: [email protected]
Subject: [SOGo] SOGo doesn't use TLS with mariadb

Hello,

I have set up a mariadb server tgt-db01.cluster.lxc (10.0.3.45) with

=========================================
[mariadb]
bind-address=*
port = 3306

max_allowed_packet = 32M
max_connections = 800

log-bin                         # enable binary logging

## SSL settings
ssl_cert = /etc/certs/default_cert.crt
ssl_key = /etc/certs/default_key.key
ssl_ca = /etc/certs/ca_chain.crt
require_secure_transport=ON

[client-mariadb]
ssl_ca = /etc/certs/ca_chain.crt
ssl-verify-server-cert = TRUE
=========================================

SOGo is configured:

     /* Database */
     SOGoProfileURL = "mysql://sogo:[email protected]:3306/sogo/sogo_user_profile";
     OCSFolderInfoURL = "mysql://sogo:[email protected]:3306/sogo/sogo_folder_info";
     OCSSessionsFolderURL = "mysql://sogo:[email protected]:3306/sogo/sogo_sessions_folder";
     OCSEMailAlarmsFolderURL = "mysql://sogo:[email protected]:3306/sogo/sogo_alarms_folder";

     MySQL4SSLEnabled = YES;
     MySQL4SSLCaPath = "/etc/certs/ca_chain.crt";

But when I test the connection with tcpdump I can only see a plain login 
connection.

Can anybody see what is wrong?

I double-checked the (self-signed) certificates ...

When I change the setting require_secure_transport for mariadb to OFF and 
restart the instance sogo can connect.

To make it clear, I want to set up TLS for the server side but until now I don't 
want a client certificate.

I don't understand why it doesn't work.

Greetings

Thomas

--
Heinlein Consulting GmbH
Schwedter Str. 8/9b, 10119 Berlin
https://www.heinlein-support.de Tel: 030 / 40 50 51 - 0
Fax: 030 / 40 50 51 - 19
Amtsgericht Berlin-Charlottenburg - HRB 220009 B
Managing Director: Peer Heinlein - Registered office: Berlin
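
Added example, not part of the thread and not SOGo or SOPE code: a small C check for the tcpdump test described in the original message. It classifies the first client-to-server packet of a MySQL/MariaDB connection as an SSLRequest (the `CLIENT_SSL` capability bit is set and a TLS handshake follows) or a cleartext login; the function names, the capability value `0x0000a205` and the sample packet are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CLIENT_SSL 0x00000800u /* capability bit: client switches to TLS next */
enum first_pkt { PKT_MALFORMED, PKT_SSL_REQUEST, PKT_PLAINTEXT_LOGIN };

/* Classify the first client->server packet (TCP payload from a capture).
 * Layout: 3-byte LE length, 1-byte sequence id, then 4-byte LE capabilities,
 * 4-byte max packet size, 1-byte charset, 23 reserved bytes, user name. */
enum first_pkt classify_first_client_packet(const uint8_t *b, size_t len,
                                            char *user, size_t user_sz)
{
    if (user_sz) user[0] = '\0';
    if (len < 36) return PKT_MALFORMED;            /* header + fixed part */
    size_t payload = (size_t)b[0] | ((size_t)b[1] << 8) | ((size_t)b[2] << 16);
    if (b[3] != 1 || payload < 32 || payload > len - 4) return PKT_MALFORMED;
    uint32_t caps = (uint32_t)b[4] | ((uint32_t)b[5] << 8) |
                    ((uint32_t)b[6] << 16) | ((uint32_t)b[7] << 24);
    if (caps & CLIENT_SSL) /* an SSLRequest is exactly the 32-byte fixed part */
        return payload == 32 ? PKT_SSL_REQUEST : PKT_MALFORMED;
    const uint8_t *name = b + 36, *end = b + 4 + payload;
    const uint8_t *nul = memchr(name, 0, (size_t)(end - name));
    if (!nul) return PKT_MALFORMED;                /* user name not terminated */
    if (user_sz) snprintf(user, user_sz, "%.*s", (int)(nul - name), (const char *)name);
    return PKT_PLAINTEXT_LOGIN;
}

/* Constructed sample input: builds a first client packet with the given
 * capabilities; user == NULL yields a bare SSLRequest. Assumes a short name. */
size_t build_sample(uint32_t caps, const char *user, uint8_t out[128])
{
    size_t payload = 32 + (user ? strlen(user) + 1 : 0);
    memset(out, 0, 128);
    out[0] = (uint8_t)payload; out[3] = 1;         /* length, sequence id 1 */
    for (int i = 0; i < 4; i++) out[4 + i] = (uint8_t)(caps >> (8 * i));
    out[12] = 45;                                  /* charset byte */
    if (user) memcpy(out + 36, user, strlen(user) + 1);
    return 4 + payload;
}

int main(void)
{
    uint8_t pkt[128]; char user[64];
    size_t n = build_sample(0x0000a205u, "sogo", pkt); /* no CLIENT_SSL bit */
    enum first_pkt r = classify_first_client_packet(pkt, n, user, sizeof user);
    printf("%s (user '%s')\n", r == PKT_PLAINTEXT_LOGIN ? "cleartext login" : "no cleartext login", user);
    return 0;
}
```

Feed it the TCP payload of the first packet the client sends after the server greeting; a `PKT_PLAINTEXT_LOGIN` result means the client never requested TLS, regardless of what the server offers.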
