$dbh = DBI->connect("DBI:mysql:test:localhost;mysql_ssl=1;mysql_ssl_client_key=$openssl/client-key.pem;mysql_ssl_client_cert=$openssl/client-cert.pem;mysql_ssl_ca_file=$openssl/cacert.pem", $user, $pass)

  mysql> GRANT ALL PRIVILEGES ON test.* to username@localhost
        -> IDENTIFIED BY "secretpass" REQUIRE SSL;
		    

			REQUIRE SSL limits the server to allow only SSL connections
			REQUIRE X509 "issuer" means that the client should have a valid certificate, but we do not care about the exact certificate, issuer or subject
			REQUIRE ISSUER means the client must present a valid X509 certificate issued by issuer "issuer".
			REQUIRE SUBJECT "subject" requires clients to have a valid X509 certificate with the subject "subject" on it.
			REQUIRE CIPHER "cipher" is needed to ensure strong ciphers and keylengths will be used. (ie. REQUIRE CIPHER "EDH-RSA-DES-CBC3-SHA")