How to Use SSL and MySQL Client Library in the Same Binary!

We plan to hide (not export) the symbols of the SSL library used by the MySQL client library. As step one in that effort, we plan to hide all of the non-documented symbols because we want to stop polluting the MySQL client program’s namespace.

Consider a requirement where there the OpenSSL and MySQL client library functions are both used directly to generate a binary. If the order of linking used is 1. MySQL client library (i.e libmysqlclient) and then 2. OpenSSL library (i.e libcrypto), then using the created binary will result in a crash.

The Reason why it will crash is as follows: The libmysqlclient library already has the built-in yaSSL library and has exported its symbols. The yaSSL and OpenSSL libraries share some of the same symbol names, so the executable which is prepared in the above said order, will resolve the OpenSSL symbols indirectly using the libmysqlclient library (yaSSL) rather than using the OpenSSL library directly. Hence, the binary will try to call functions defined in the libmysqlclient library instead of the desired OpenSSL function, thus resulting in a crash.

We plan on solving this and similar issues as follows: Hide (don’t export) all of the bundled SSL library symbols from libmysqlclient. We will also hide all of the undocumented MySQL symbols in libmysqlclient as well. The final list of symbols that will be exported can be found here.

That’s all for now. I really hope that this new feature makes users’ lives easier and improves their overall experience with MySQL! We also look forward to your feedback on this new feature! You can leave a comment here on the blog post or in a support ticket. If you feel that you encountered any related bugs, please do let us know via a bug report.

As always, THANK YOU for using MySQL!

2 thoughts on “How to Use SSL and MySQL Client Library in the Same Binary!

  1. First of I think it is great that you are doing this. I kinda expected it sooner and the distros have been stripping binaries for some time to do the same thing.

    My question is regarding mysqlbinlog, since that uses some of the hidden API, how are you going to make it work? I can think of three possibilities:

    1. Add API for raw command sending and raw packet processing (I would love for this to exist)
    2. Compile the library functions in (probably least preferred but probably easiest)
    3. Strip the library at the final phase of compiling (after linking)

Leave a Reply

Your email address will not be published. Required fields are marked *

Please enter * Time limit is exhausted. Please reload CAPTCHA.