Merge pull request #18 from rzane/encryption

Allow configuring the encryption parameters
findmypast-oss · May 23, 2018 · 497511f · 497511f
2 parents c3a415a + 012e298
commit 497511f
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 1 deletion.
diff --git a/lib/mssqlex.ex b/lib/mssqlex.ex
@@ -31,6 +31,10 @@ defmodule Mssqlex do
         * environment variable: `MSSQL_UID`
     * `:password` - User's password.
         * environment variable: `MSSQL_PWD`
+    * `:encrypt` - Specifies whether data should be encrypted before sending it over the network.
+        * environment variable: `MSSQL_ENCRYPT`
+    * `:trust_server_certificate` - When used with Encrypt, enables encryption using a self-signed server certificate.
+        * environment variable: `MSSQL_TRUST_SERVER_CERT`
 
   `Mssqlex` uses the `DBConnection` framework and supports all `DBConnection`
   options like `:idle`, `:after_connect` etc.

diff --git a/lib/mssqlex/protocol.ex b/lib/mssqlex/protocol.ex
@@ -44,13 +44,17 @@ defmodule Mssqlex.Protocol do
     server_address = opts[:hostname] || System.get_env("MSSQL_HST") || "localhost"
     instance_name = opts[:instance_name] || System.get_env("MSSQL_IN")
     port = opts[:port] || System.get_env("MSSQL_PRT")
+    encrypt = opts[:encrypt] || System.get_env("MSSQL_ENCRYPT")
+    trust = opts[:trust_server_certificate] || System.get_env("MSSQL_TRUST_SERVER_CERT")
 
     conn_opts = [
       {"Driver", opts[:odbc_driver] || System.get_env("MSSQL_DVR") || "{ODBC Driver 17 for SQL Server}"},
       {"Server", build_server_address(server_address, instance_name, port)},
       {"Database", opts[:database] || System.get_env("MSSQL_DB")},
       {"UID", opts[:username] || System.get_env("MSSQL_UID")},
-      {"PWD", opts[:password] || System.get_env("MSSQL_PWD")}
+      {"PWD", opts[:password] || System.get_env("MSSQL_PWD")},
+      {"Encrypt", to_yesno(encrypt)},
+      {"TrustServerCertificate", to_yesno(trust)}
     ]
     conn_str = Enum.reduce(conn_opts, "", fn {key, value}, acc ->
       acc <> "#{key}=#{value};" end)
@@ -75,6 +79,9 @@ defmodule Mssqlex.Protocol do
   defp build_server_address(server_address, nil, port), do: "#{server_address},#{port}"
   defp build_server_address(server_address, instance_name, port), do: "#{server_address}\\#{instance_name},#{port}"
 
+  defp to_yesno(value) when value in ["yes", true], do: "yes"
+  defp to_yesno(value) when value in ["no", nil, false], do: "no"
+
   @doc false
   @spec disconnect(err :: Exception.t, state) :: :ok
   def disconnect(_err, %{pid: pid} = state) do

diff --git a/test/mssqlex/login_test.exs b/test/mssqlex/login_test.exs
@@ -3,12 +3,24 @@ defmodule Mssqlex.LoginTest do
 
   alias Mssqlex.Result
 
+  @check_encryption """
+  SELECT encrypt_option
+  FROM sys.dm_exec_connections
+  WHERE session_id = @@SPID
+  """
+
   test "Given valid details, connects to database" do
     assert {:ok, pid} = Mssqlex.start_link([])
     assert {:ok, _, %Result{num_rows: 1, rows: [["test"]]}} =
       Mssqlex.query(pid, "SELECT 'test'", [])
   end
 
+  test "connects with encryption" do
+    assert {:ok, pid} = Mssqlex.start_link(encrypt: true, trust_server_certificate: true)
+    assert {:ok, _, %Result{num_rows: 1, rows: [["TRUE"]]}} =
+      Mssqlex.query(pid, @check_encryption, [])
+  end
+
   test "Given invalid details, errors" do
     Process.flag(:trap_exit, true)