-
-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Issue 786 mysql ssl support #2491
Conversation
b3b63c4
to
58882b3
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks good to me, though the Windows and Rust 1.40.0 tests are failing. It’s looking like the mysqlclient_sys
library doesn’t export the SSL mode variants on Windows, which is perplexing, but I’m not positive that’s the root cause. I haven’t had a chance to dig more into it.
I’m not comfortable giving approval on this PR until we can figure out why Windows isn’t building, but it does look good as-is right now!
I've to improve this PR for sake of Windows and I suppose to do that next week. |
Due to sgrif/mysqlclient-sys#27 there is no way to set ssl-mode for MySQL connection on Windows in same way as on Linux/Unix yet. Would it be appropriate to restrict setting of MySQL option |
That would probably be a suitable alternative for now, since the corresponding Windows bindings don’t work right now. |
b967bbc
to
f7bec43
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've left some comments, otherwise this is looking good 👍
(Sorry for taking some time to do a review here, it took some time to catch up with everything after holiday.)
Hi -- I guess nothing happened with this? |
@biot023 Commenting on old issues/PR's just to ask for updates is something that is highly discouraged. Please stop doing that if you have nothing meaningful (like how to resolve the issues outlined above) to contribute. |
It was a genuine question. Never mind, consider me suitably discouraged. |
Maybe not entirely discouraged. |
Maybe as a stopgap measure we should fork |
@Neo-Zhixing There is no need to fork mysqlclient-sys. I have all merge and publish rights for that crate. Unfortunately I do not have the time to do a lot active work there while maintaining diesel at the same time, so this is basically waiting for someone laying out a basic plan about the future of mysqlclient-sys and someone who implements it. |
@biot023 this is I think exactly what I'll need to do—you don't happen to have an example Dockerfile/diesel config that you'd feel comfortable sharing do you (scrubbed of anything sensitive, obviously)? |
Hi -- I really struggled with this. I got it working, as I recall, but then had an issue with tons of connections being established to the main server and never dropped -- took the whole site down in about 4 minutes, when I tested it! |
@biot023 and @thomasmost Just to reiterate what I've written above: I would be more than happy to merge support for mysql ssl connections to diesel, but that requires work from someone. I'm happy to provide some pointers + discuss design, but implementation needs to be done by someone else. |
@weiznich Let's do it! What is your schedule like/what forum would you prefer for such a discussion? |
@thomasmost I had a quick look at open questions here: The interface proposed in this PR looks good to me. There are the following open points from my point of view:
|
Got it! I will see if I can get in there and work this out. |
Will rebase the feature branch. |
1ccf832
to
04c4dc4
Compare
@p-alik how can I help get these tests passing? |
1fce5b8
to
04c4dc4
Compare
@weiznich now this is lookin pretty good |
@thomasmost Yes the diesel side of this change looks good, beside the fact that this only supports linux/macos. I would like to solve the windows issue first before finally merging this. As already mentioned that would require updating the bindings in mysqlclient-sys, which requires access to bindgen on windows. That's unfortunately something I cannot help with other than merging PR's and cutting releases.
|
d88faf1
to
5a4671f
Compare
ssl_mode is defined as Option<mysqlclient_sys::mysql_ssl_mode>
Windows binding of mysqlclient-sys doesn't provide values for the option MYSQL_OPT_SSL_MODE See: sgrif/mysqlclient-sys#27
0.2.0 do not provide enum mysql_ssl_mode. The enum was introduces in sgrif/mysqlclient-sys@6575414
* update diesel/Cargo.toml * remove obsolete windows checks Co-authored-by: Thomas Constantine Moore <tomismore@gmail.com>
5a4671f
to
1a66269
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
* add `ssl_mode` support to `MysqlConnection::establish` * remove support for `mysqlclient-sys` < `0.2.5`
Added requested notes to the changelog. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
@weiznich one last follow-up; just so I understand, are we talking days, weeks, or months before this gets included in a release of the crate? Until that time, any reason I can't get my app working with an (admittedly, unstable) build using the master branch as its dependency, i.e. [dependencies]
diesel = { git = "https://github.com/diesel-rs/diesel", features = ["mysql", "extras", "chrono"] } ? |
We generally do not give any estimates when a certain release happens other than: When it's done. Additionally as this PR is not merged yet (due to missing documentation) it's not certain if the next release will contain this feature or not.
Please open an discussion thread about that with more details about what you understand under "can't get working". A PR is definitively not the right place to discuss such issues. |
9dc434e aims to add missed documentation. |
24b612d
to
3ce9b48
Compare
database URL may contain GET parameters * `unix_socket` * `ssl_mode`
3ce9b48
to
9dc434e
Compare
I think you misunderstood me @weiznich — I wasn't asking for support — nvm Thanks again for your work on this crate |
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
Is this feature also usable with I tried
but got
I'm using MariaDB.
|
This PR aims to add ssl connection support for MySQL backend, which is requested in the issue #786 .
At this stage it allow setting of mysql option
MYSQL_OPT_SSL_MODE
only.The connection could be established with
MYSQL_OPT_SSL_MODE
set toSSL_MODE_DISABLED
,SSL_MODE_PREFERRED
andSSL_MODE_REQUIRED
.Tested with
DATABASE_URL='mysql://***?ssl_mode=(disabled|required|preferred)' cargo test --manifest-path diesel/Cargo.toml --features mysql --no-default-features mysql
https://dev.mysql.com/doc/c-api/8.0/en/mysql-options.html
https://dev.mysql.com/doc/c-api/8.0/en/c-api-encrypted-connections.html