Missing SSL Support #13

Closed
kulshrax opened this issue Jul 17, 2017 · 7 comments

@kulshrax

Does this crate have support for SSL encryption and X.509 authentication?

There is a comment for OptsBuilder that implies that there is SSL support, but it doesn't look like this is actually implemented in this crate. (I'm guessing that this example was perhaps accidentally copied over from rust-mysql-simple?)

If that was in fact an error, are there plans to add SSL support to this crate? I'm working on a project that requires X.509 authentication. I'd be sending SQL queries from within a Future so I'd prefer to use an async MySQL driver. I suspect that adding support would just involve adapting the appropriate pieces of SSL code from rust-mysql-simple. If there are no immediate plans, I'm happy to give this a shot. Thanks!

@blackbeam
Owner

blackbeam commented Jul 18, 2017

Hi!

Yes, documentation was accidentally copied from rust-mysql-simple.

> I suspect that adding support would just involve adapting the appropriate pieces of SSL code from rust-mysql-simple.

Yes. It should not be a problem with the tokio-tls crate. I believe I'll find time for this next week, but if that's too late for you, then you could try to implement it yourself (documentation).

@kulshrax
Author

Thanks for the quick response! Waiting a week is no big deal for me. Let me know if you end up not having time for this though.

@blackbeam
Owner

It appears to be harder than I thought, but now I'm a bit closer (sfackler/rust-native-tls#54).
There's one more issue that needs to be fixed.

@kulshrax
Author

kulshrax commented Oct 5, 2017

Hey, I noticed that the latest release of mysql_async now appears to have some SSL support in place. Thank you for working on this!

Given that you haven't yet closed this issue, is there still additional work that you need to do?

Also, I noticed that unlike in rust-mysql-simple, you're using native-tls here, which appears to only accept SSL credentials as PKCS12 archives. (Whereas in rust-mysql-simple, PKCS12 is only used for MacOS clients -- other Unix-like systems need to specify a certificate, private key, and CA certificate chain independently.)

I've been successfully using rust-mysql-simple on Linux in the aforementioned way for a while now. I tried using OpenSSL to convert my certificates and key into a PKCS12 archive and giving that to mysql_async, but attempting to connect to the database fails during certificate verification. I'm pretty sure I'm just doing something wrong, but I thought it'd be worth asking if you'd expect SSL to work on Linux clients in this crate's current state.

@blackbeam
Owner

Hi.

> Given that you haven't yet closed this issue, is there still additional work that you need to do?

Yeah, SSL on Linux is still broken at the moment. I hope to solve this in the near future.
Please use rust-mysql-simple with something like futures-cpupool until then.

@blackbeam
Owner

Oh. Well. This one was easier than I thought.

It turns out that the certificate of my custom CA should not go into the pkcs12 but should be provided separately. I've added the SslOpts::set_root_cert_path method for this (it is in v0.12.1). But I'm still not sure why everything worked on my Mac without it.

Anyway.
This works flawlessly on my linux box:

```rust
let mut ssl_opts = SslOpts::new("./test/client.p12".as_ref());
ssl_opts.set_root_cert_path(Some("./test/ca-cert.der".as_ref()));
ssl_opts.set_password(Some("pass"));
```
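
One way to produce the two files the snippet above expects, as an added example that is not part of the original thread or the crate: a PKCS12 archive holding only the client certificate and key, and the CA certificate in a separate DER file. The CA, subjects, key sizes and temporary directory are constructed for the demo; only the file names and the password `pass` mirror the snippet.

```bash
#!/usr/bin/env bash
# Added example: every key, subject and path below is constructed for the demo.
set -eu

# Build a throwaway CA and client identity in $1, protecting the archive with $2.
make_client_bundle() {
    dir=$1; pass=$2
    mkdir -p "$dir"
    # Constructed private CA, standing in for the custom CA in the thread.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example Test CA" \
        -keyout "$dir/ca-key.pem" -out "$dir/ca-cert.pem" 2>/dev/null
    # Client key and CSR, then a client certificate signed by that CA.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=example-client" \
        -keyout "$dir/client-key.pem" -out "$dir/client.csr" 2>/dev/null
    openssl x509 -req -in "$dir/client.csr" -days 30 -CAcreateserial \
        -CA "$dir/ca-cert.pem" -CAkey "$dir/ca-key.pem" \
        -out "$dir/client-cert.pem" 2>/dev/null
    # PKCS12 archive holding only the client certificate and its key.
    # No -certfile/-chain option is passed, so the CA certificate stays out.
    openssl pkcs12 -export -in "$dir/client-cert.pem" -inkey "$dir/client-key.pem" \
        -out "$dir/client.p12" -passout "pass:$pass"
    # The CA certificate goes into its own DER file.
    openssl x509 -in "$dir/ca-cert.pem" -outform DER -out "$dir/ca-cert.der"
}

# Print how many certificates archive $1 (password $2) contains.
p12_cert_count() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null \
        | grep -c 'BEGIN CERTIFICATE'
}

# Succeed only if the client cert in archive $1 (password $3) verifies against DER root $2.
p12_chains_to_root() {
    tmp=$(mktemp -d)
    openssl x509 -inform DER -in "$2" -out "$tmp/root.pem"
    openssl pkcs12 -in "$1" -passin "pass:$3" -nokeys -clcerts 2>/dev/null \
        | openssl x509 -out "$tmp/leaf.pem"
    openssl verify -CAfile "$tmp/root.pem" "$tmp/leaf.pem" >/dev/null
}

OUT=$(mktemp -d)
make_client_bundle "$OUT" pass
echo "certificates in client.p12: $(p12_cert_count "$OUT/client.p12" pass)"
p12_chains_to_root "$OUT/client.p12" "$OUT/ca-cert.der" pass && echo "chains to ca-cert.der"
```

Running the two check functions against an existing archive and root file shows whether the CA certificate was bundled into the archive and whether the client certificate actually chains to the root that will be passed separately.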

@kulshrax
Author

kulshrax commented Oct 6, 2017

Cool, I can confirm that SSL now works for me on Linux. Thanks for your quick response!
