MySQL Forums

Testers needed for patch to add SSL CRL support
Posted by: Phillip Moore
Date: November 02, 2009 03:05PM

I have just uploaded a patch to 5.1.40 that adds support for the use of SSL CRL (Certificate Revocation Lists). Use of the CRL is critical if you really want to manage your SSL certificates, but if you don't understand why that's true, you probably don't care about this patch.

I've commented on the bug ID (http://bugs.mysql.com/bug.php?id=31224) where this was requested as a feature, and the patch is available there.

I've built 5.1.40 on RHEL5.1, against OpenSSL 0.9.8k, and manually verified that the CRL works as expected. I happen to have a highly automated SSL infrastructure that makes this fairly easy to test; however, I have NOT enhanced the automated MySQL test suite, nor have I tested this on any other platforms.

If you are interested in really managing your SSL certificates, and have found the lack of CRL support frustrating, please give the patch a try, and let me know how well it works for you.

For those interested, I will also be patching perl's DBD::mysql to add support for client-side certificate validation that uses the CRL as well. That part's easy: I already patched IO::Socket::SSL to do so, and the code changes are almost identical. Patching the docs will take more time than patching the code :-P

Anyway, I hope others find this work useful, and if it proves to be so, I'll try to get this included in the next release of the GA code, if it proves acceptable to the MySQL code's gatekeepers (I'm VERY new to this community, if not the MySQL product itself).
