Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
Ssl status per thread #63
It is missing information:
This needs an update to the README to include the details in there as well.
I also wonder why you chose just these variables? You mentioned in your bug about "What are the start and end date for the client certificate?", these could be added to the table with the Ssl_server_not_after and Ssl_server_not_before variables.
I think it's not beyond reason that we would perhaps want statistics vs config tables here, like ssl_config_per_thread and ssl_stats_per_thread, and wonder if you would be interested in doing that instead?
Finally, note that in 5.7.8 there has been a new CONNECTION_TYPE column added to performance_schema.threads:
The protocol used to establish the connection, or NULL for background threads. Permitted values are TCP/IP (TCP/IP connection established without SSL), SSL/TLS (TCP/IP connection established with SSL), Socket (Unix socket file connection), Named Pipe (Windows named pipe connection), and Shared Memory (Windows shared memory connection).
This column was added in MySQL 5.7.8."
You may want to join against THREADS, where the connection_type is SSL/TLS too? Of course, that's hard to test for you at the moment without that build available yet so understand if you skip that (and maybe I can do it instead after merge).
Don't the Ssl_server_not_after and Ssl_server_not_before variables indicate the validity of the server certificate and not of the client certificate?
Thanks for pointing the CONNECTION_TYPE feature out to me. It looks nice, however it still doesn't give information about if and which client certificate was used.
Ah, yea, you're right it is just server not client (clue is in the name huh). I wonder why that is also a session variable.. Anyway, forget that bit. :)
I wasn't meaning to replace this with the CONNECTION_TYPE, I just wonder if we should JOIN and use that info in the WHERE to filter for only threads that are connected via SSL.