Skip to content

Configuration

Jump to bottom
Xyranaut edited this page Jun 1, 2026 · 2 revisions

Configuration

Two ways to configure a connection

1. In code, with a config object

new MySQLConfig:cfg = mysql_config_create();
mysql_config_set(cfg, SERVER_PORT, 3306);
mysql_config_set(cfg, SSL_MODE, SSL_MODE_VERIFY_CA);
mysql_config_set(cfg, SSL_CA, "scriptfiles/ca.pem");
new MySQL:db = mysql_connect("127.0.0.1", "user", "${OMP_DB_PASS}", "mydb", cfg);

2. From an .ini file (keeps secrets out of source)

new MySQL:db = mysql_connect_config("mysql.ini");
# mysql.ini  (see tools/mysql.example.ini)
host     = 127.0.0.1
port     = 3306
user     = omp_app
password = ${OMP_DB_PASS}     ; expanded from the environment
database = mydb
ssl_mode = 2                  ; 0=REQUIRED 1=VERIFY_CA 2=VERIFY_IDENTITY
ssl_ca   = scriptfiles/ca.pem
# debug    = 1                ; optional: [omp-MySQL] diagnostics
# debug_log = logs/mysql.log  ; optional: also write debug to a file

${VAR} anywhere in a value (in code args or the .ini) is replaced with that environment variable. Use it for the password so it's never in the file.

TLS modes — choose how strict to be

TLS is always on. The mode only controls how much the certificate is checked:

Mode Constant What it does Use when
0 SSL_MODE_REQUIRED Encrypt; don't verify the cert Local/dev, trusted network
1 SSL_MODE_VERIFY_CA Encrypt + cert must chain to a trusted CA You have the server's CA
2 SSL_MODE_VERIFY_IDENTITY Above + hostname must match Production over the internet

For 1 and 2 you supply the CA with SSL_CA. For a local MySQL using its auto-generated cert, you can grab the CA like this:

echo | openssl s_client -connect 127.0.0.1:3306 -starttls mysql -showcerts \
  | awk '/BEGIN/{c++} c==2' > ca.pem     # the 2nd cert is the CA

(Or point SSL_CA at MySQL's ca.pem from its data directory.)

For VERIFY_IDENTITY the certificate's name must match the host you connect to. MySQL's default auto-generated cert uses a generic name, so either connect by a name in the cert, regenerate the server cert with your host/IP in the SAN, or use VERIFY_CA. See Security.

Debug logging

Off by default. Turn it on to see [omp-MySQL] diagnostics (connections, the prepared-statement path, errors):

mysql_debug(true);                          // console
mysql_debug(true, "logs/mysql-debug.log");  // console + file

or from the .ini (debug = 1). In the mysql-admin demo it's exposed via the RCON command /mysql debug on|off.

Common options (mysql_config_set)

Option Meaning
SERVER_PORT TCP port (default 3306)
SSL_MODE TLS verification strictness (see above)
SSL_CA / SSL_CERT / SSL_KEY certificate / client-cert / key paths
TLS_VERSION e.g. "TLSv1.3,TLSv1.2" (1.0/1.1 are rejected)
CONNECT_TIMEOUT connect timeout in seconds
AUTO_RECONNECT transparently reconnect (bool)
MULTI_STATEMENTS allow ;-stacked queries (OFF by default — injection defense)

See the Native reference for the complete list.

Next: Your first queries →

omp-MySQL Wiki

Quick Start · Cheat sheet

Understand

Use

Deeper

Reference

Releases · Repo

Clone this wiki locally