We are facing an issue in connecting to a (networked) MySQL database from our Qt app.
We require an encrypted connection, and MySQL is set with the require_secure_transport=ON.
It seems that the mariadb client code is not correctly negotiating the use of SSL, when running the app on the device with a Yocto OE image. The connection attempt is rejected with the message Connections using insecure transport are prohibited while --require_secure_transport=ON. QMYSQL: Unable to connect
When building the same application for Ubuntu for example, the MySQL connection is fine.
So I’m thinking, are we missing something from our Yocto bake - or is there some dependency missing deeper in some recipe…?
We add the Qt MySQL plugin in the local.conf file :- PACKAGECONFIG_append_pn-qtbase = " sql-mysql"
MariaDB client needs either OpenSSL or GnuTLS. OpenSSL appears to be installed in the image (I find etc/ssl/openssl.cnf).
I imagine that the Maria client negotiates protocols based on the libraries it can find. Maybe there is some configuration error - path to OpenSSL for example ?
I will try this and to see if adding mariadb explicitly helps (although I suppose this installs all the requirements to run a database on the device - right?) IMAGE_INSTALL_append += " mariadb"
Hi, I’m the Toradex AI Assistant. I’m in early beta, and I would appreciate your feedback.
The Toradex Support team will follow up with you shortly!
Did you like my answer?
Hand-shake,
It sounds like you’re encountering a specific issue with SSL/TLS negotiation when your Qt application, built with Yocto/OpenEmbedded, attempts to connect to a MySQL database with require_secure_transport=ON. Given the information you’ve provided, there are a few avenues to explore to resolve this issue.
MariaDB/MySQL Client Libraries and SSL: Ensure that the MariaDB or MySQL client libraries compiled into your image are indeed compiled with SSL support. This is crucial for enabling encrypted connections. Since OpenSSL is present in your image, verify that the client libraries are correctly linked against it. You can check this by running ldd on the MariaDB/MySQL client binaries or checking the compile-time configuration of the MariaDB/MySQL package in Yocto.
Qt SQL Plugin Configuration: Adding sql-mysql to PACKAGECONFIG_append_pn-qtbase is a good step. However, ensure that the Qt MySQL plugin is correctly finding and using the SSL libraries. Sometimes, additional configuration may be required to point the plugin to the correct SSL library paths.
OpenSSL Configuration: Verify that the OpenSSL configuration on your device is correct and not missing any critical components. The presence of openssl.cnf is a good sign, but you might also want to ensure that all necessary CA certificates are present and that OpenSSL is correctly configured to use them.
Explicitly Adding MariaDB: Adding mariadb to your image with IMAGE_INSTALL_append += " mariadb" will indeed install the MariaDB server and client libraries, but it’s essential to ensure that the client libraries are compiled with SSL support. This action might not directly solve the SSL negotiation issue if the problem lies in how the Qt MySQL plugin interacts with the SSL libraries.
Debugging and Logs: Increase the verbosity of the MySQL/MariaDB client and server logs to get more insights into where the SSL negotiation is failing. This can often provide clues as to whether the issue is with certificate verification, SSL protocol mismatch, or something else.
Qt Version and SSL Support: Since you’re using Qt 5.14.2, it should have adequate support for SSL. However, it’s worth reviewing the Qt documentation for any known issues or additional configuration steps required for SSL connections in this specific version.
Check for Known Issues: Look into the Yocto Project and Qt bug trackers for any known issues related to SSL connections with MySQL/MariaDB. It
Please, also check if these links can help you solve your problem:
Okay - it seems I accidently deleted a line from my configuration file, which, through the Qt plugin directs the maria client to use the certificates file (required for SSL connections to MySQL).
I’ll double check this now before marking this as the answer.
