Skip to content
This repository has been archived by the owner on Dec 3, 2019. It is now read-only.

SSL for MySQL connections #246

Open
ksilin opened this issue Apr 30, 2018 · 3 comments
Open

SSL for MySQL connections #246

ksilin opened this issue Apr 30, 2018 · 3 comments

Comments

@ksilin
Copy link

ksilin commented Apr 30, 2018

Using other tools, I can establish an SSL-secured connection to a MySql DB by appending the parameters to the connection URL:

jdbc:mysql://<IP>:<PORT>/<DB>?verifyServerCertificate=false&useSSL=true

However, I have not found a way to do this in postgres-async (over quill-async-mysql).

  val confMap = Map(
    "url"                    -> "jdbc:mysql://<IP>:<PORT>/<DB>?verifyServerCertificate=false&useSSL=true",
    "user"        -> ...,
    "password"    -> ...,
    "sslmode"     -> "prefer",
    "sslrootcert" -> ".../ca.pem"
  )
  val mapConfig = ConfigFactory.parseMap(confMap.asJava)
  lazy val ctx: MysqlAsyncContext[Literal.type] = new MysqlAsyncContext(Literal, mapConfig)

The two SSL-related props seem to be dropped from the URL. The two SslConfiguration params sslmode and sslrootcert do not seem to apply or at least are not translated to verifyServerCertificate=false&useSSL=true. I have tried all possible combinations of sslmode & sslrootcert.

expected behavior: SSL-secured connection will be established
actual behavior: In all combinations, I am getting connection refused from the DB.

https://github.com/mauricio/postgresql-async/blob/master/db-async-common/src/main/scala/com/github/mauricio/async/db/SSLConfiguration.scala

@ksilin
Copy link
Author

ksilin commented May 2, 2018

I would be happy to implement contribute the code if somebody could explain to me the codepath from the config to the connection string.

@inmyth
Copy link

inmyth commented Oct 19, 2018

+1
I'm also unable to figure out how to use SSL with MySql.
To my understanding, MySql encrypted connection requires three .pem files, ca (certificate authority), server-cert (pub key), server-key (private key). With JDBC, these certificates may need to be converted to JKS format. I cannot see how all these files fit into sslrootcert parameter.

@oshai
Copy link

oshai commented Oct 19, 2018

@ksilin if you like to implement that for https://github.com/jasync-sql/jasync-sql which is a fork of this lib, I can try to help. If relevanr please open an issue there.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants