SSL Support by caleblloyd · Pull Request #101 · mysql-net/MySqlConnector · GitHub


SSL Support #101


Merged
merged 4 commits into from
Oct 12, 2016
Merged
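--- a/.ci/config.ssl.json
+++ b/.ci/config.ssl.json
@@ -0,0 +1,7 @@
+{
+"Data": {
+"ConnectionString": "server=127.0.0.1;user id=ssltest;password=test;port=3306;database=mysqltest;ssl mode=required;certificate file=.ci/ssl-client.pfx;Use Affected Rows=true",
+"PasswordlessUser": "no_password",
+"SupportsJson": true
+}
+}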
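Review bot: The `certificate file=.ci/ssl-client.pfx` value in `ConnectionString` is a relative path and the string carries no certificate password, so this configuration presumably only works when the tests start from the repository root, and it relies on a committed client key that is not password-protected. Both are acceptable for CI, but neither is stated anywhere visible in this PR. Since JSON cannot hold a comment, I would record it beside the file, for example in a short README under `.ci/`: `ssl-client.pfx is a throwaway key pair for CI only; paths in config.ssl.json are relative to the repository root.`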
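--- a/.ci/server.cnf
+++ b/.ci/server.cnf
@@ -1,3 +1,6 @@
+# uses a seperate key for the server and clinet
+# this is how things should be run in production
+
 [mysqld]
 ssl-ca=/etc/mysql/conf.d/ssl-ca.pem
 ssl-cert=/etc/mysql/conf.d/ssl-server-cert.pem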
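Review bot: The added header comment has two typos, `seperate` and `clinet`; the first line should read `# uses a separate key for the server and client`. The second line presents this file as the production-style setup, so readers are likely to copy from it and the wording is worth getting right. The rest of the file continues below the hunk.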
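--- a/.ci/server.debug
+++ b/.ci/server.debug
@@ -0,0 +1,11 @@
+# uses the same key for the server and client
+# uses a non-ephemeral cipher suite
+# allows for WireShark to decrypt packets given "ssl-client-key.pem"
+# go to "Edit -> Preferences", "Protocols", "SSL", and add RSA key
+# this is for testing, don't do this in production
+
+[mysqld]
+ssl-ca=/etc/mysql/conf.d/ssl-ca.pem
+ssl-cert=/etc/mysql/conf.d/ssl-client-cert.pem
+ssl-key=/etc/mysql/conf.d/ssl-client-key.pem
+ssl-cipher=AES128-SHA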
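Review bot: The header says not to do this in production but not why, and the reasons are what a reader needs: `ssl-cert`/`ssl-key` reuse the client's key pair, and `ssl-cipher=AES128-SHA` is an RSA key-exchange suite without forward secrecy, so whoever holds `ssl-client-key.pem` can read every recorded session. I would add `# no forward secrecy: a capture plus ssl-client-key.pem decrypts all traffic` and `# the client key doubles as the server key, so certificate authentication proves nothing here` above `[mysqld]`. Nothing visible in `.travis.yml` selects this file, so a line on how it is meant to be swapped in for `server.cnf` would also help.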
Binary file added .ci/ssl-client.pfx
Binary file not shown.
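--- a/.travis.yml
+++ b/.travis.yml
@@ -8,9 +8,9 @@ before_install:
 - sudo apt-key adv --keyserver apt-mo.trafficmanager.net --recv-keys 417A0893
 - sudo apt-get update
 - sudo apt-get install -y dotnet-dev-1.0.0-preview2-003121
-- cp tests/SideBySide.New/config.json.example tests/SideBySide.New/config.json
 
 script:
 - dotnet restore
 - dotnet test tests/MySqlConnector.Tests --configuration Release
-- dotnet test tests/SideBySide.New --configuration Release
+- echo 'Executing tests with ssl mode=none' && cp tests/SideBySide.New/config.json.example tests/SideBySide.New/config.json && dotnet test tests/SideBySide.New --configuration Release
+- echo 'Executing tests with ssl mode=required' && cp .ci/config.ssl.json tests/SideBySide.New/config.json && dotnet test tests/SideBySide.New --configuration Release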
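--- a/src/MySqlConnector/MySqlClient/ConnectionPool.cs
+++ b/src/MySqlConnector/MySqlClient/ConnectionPool.cs
@@ -43,7 +43,7 @@ public async Task<MySqlSession> GetSessionAsync(IOBehavior ioBehavior, Cancellat
 }
 
 session = new MySqlSession(this, m_generation);
-await session.ConnectAsync(m_servers, m_port, m_userId, m_password, m_database, ioBehavior, cancellationToken).ConfigureAwait(false);
+await session.ConnectAsync(m_servers, m_port, m_userId, m_password, m_database, m_sslMode, m_certificateFile, m_certificatePassword, ioBehavior, cancellationToken).ConfigureAwait(false);
 return session;
 }
 catch
@@ -124,8 +124,8 @@ public static ConnectionPool GetPool(MySqlConnectionStringBuilder csb)
 ConnectionPool pool;
 if (!s_pools.TryGetValue(key, out pool))
 {
-pool = s_pools.GetOrAdd(key, newKey => new ConnectionPool(csb.Server.Split(','), (int) csb.Port, csb.UserID,
-csb.Password, csb.Database, csb.ConnectionReset, (int)csb.MinimumPoolSize, (int) csb.MaximumPoolSize));
+pool = s_pools.GetOrAdd(key, newKey => new ConnectionPool(csb.Server.Split(','), (int) csb.Port, csb.UserID, csb.Password, csb.Database,
+csb.SslMode, csb.CertificateFile, csb.CertificatePassword, csb.ConnectionReset, (int)csb.MinimumPoolSize, (int) csb.MaximumPoolSize));
 }
 return pool;
 }
@@ -138,15 +138,18 @@ public static async Task ClearPoolsAsync(IOBehavior ioBehavior, CancellationToke
 await pool.ClearAsync(ioBehavior, cancellationToken).ConfigureAwait(false);
 }
 
-private ConnectionPool(IEnumerable<string> servers, int port, string userId, string password, string database,
-bool resetConnections, int minimumSize, int maximumSize)
+private ConnectionPool(IEnumerable<string> servers, int port, string userId, string password, string database, SslMode sslMode,
+string certificateFile, string certificatePassword, bool resetConnections, int minimumSize, int maximumSize)
 {
 m_servers = servers;
 m_port = port;
 m_userId = userId;
 m_password = password;
 m_database = database;
 m_resetConnections = resetConnections;
+m_sslMode = sslMode;
+m_certificateFile = certificateFile;
+m_certificatePassword = certificatePassword;
 m_minimumSize = minimumSize;
 m_maximumSize = maximumSize;
 
@@ -166,6 +169,9 @@ private ConnectionPool(IEnumerable<string> servers, int port, string userId, str
 readonly string m_userId;
 readonly string m_password;
 readonly string m_database;
+readonly SslMode m_sslMode;
+readonly string m_certificateFile;
+readonly string m_certificatePassword;
 readonly bool m_resetConnections;
 readonly int m_minimumSize;
 readonly int m_maximumSize;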
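Review bot: The private constructor now takes eleven positional parameters, five of them plain strings (`userId`, `password`, `database`, `certificateFile`, `certificatePassword`), and `ConnectAsync` grows the same way, so a transposed argument at the `GetPool` call would compile and quietly put a secret in the wrong field. Named arguments at the call site make such a slip visible: `sslMode: csb.SslMode, certificateFile: csb.CertificateFile, certificatePassword: csb.CertificatePassword, resetConnections: csb.ConnectionReset, minimumSize: (int) csb.MinimumPoolSize, maximumSize: (int) csb.MaximumPoolSize`. The same applies to the `ConnectAsync` call changed in `MySqlConnection.CreateSessionAsync`. As a smaller point, the constructor assigns `m_resetConnections` before `m_sslMode` although the signature has them in the opposite order; matching the two makes the list easier to audit. `GetPool`, `GetSessionAsync` and the constructor all extend beyond their hunks.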
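--- a/src/MySqlConnector/MySqlClient/MySqlConnection.cs
+++ b/src/MySqlConnector/MySqlClient/MySqlConnection.cs
@@ -226,8 +226,8 @@ private async Task<MySqlSession> CreateSessionAsync(IOBehavior ioBehavior, Cance
 else
 {
 var session = new MySqlSession();
-await session.ConnectAsync(m_connectionStringBuilder.Server.Split(','), (int) m_connectionStringBuilder.Port, m_connectionStringBuilder.UserID,
-m_connectionStringBuilder.Password, m_connectionStringBuilder.Database, ioBehavior, linkedSource.Token).ConfigureAwait(false);
+await session.ConnectAsync(m_connectionStringBuilder.Server.Split(','), (int) m_connectionStringBuilder.Port, m_connectionStringBuilder.UserID, m_connectionStringBuilder.Password, m_connectionStringBuilder.Database,
+m_connectionStringBuilder.SslMode, m_connectionStringBuilder.CertificateFile, m_connectionStringBuilder.CertificatePassword, ioBehavior, linkedSource.Token).ConfigureAwait(false);
 return session;
 }
 }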
51 changes: 51 additions & 0 deletions src/MySqlConnector/MySqlClient/MySqlConnectionStringBuilder.cs