trillian

Secure MySQL communication

Open zoeylee02 opened this issue 5 years ago • 2 comments

There does not seem to be any configuration for secure MySQL communication to assign the certificate path, as below.

command: [
      "--storage_system=mysql",
      "--mysql_uri=test:zaphod@tcp(mysql:3306)/test",
      "--rpc_endpoint=0.0.0.0:8090",
      "--http_endpoint=0.0.0.0:8091",
      "--alsologtostderr",
    ]

Assign the certificate file to read.

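// Needs crypto/tls, crypto/x509, database/sql, fmt, io/ioutil, log and github.com/go-sql-driver/mysql.
rootCertPool := x509.NewCertPool()
pem, err := ioutil.ReadFile("/var/www/html/BaltimoreCyberTrustRoot.crt.pem")
if err != nil {
    log.Fatal(err)
}
if ok := rootCertPool.AppendCertsFromPEM(pem); !ok {
    log.Fatal("Failed to append PEM.")
}
// Register a TLS config named "custom" that trusts only this CA; the DSN selects it with tls=custom.
if err := mysql.RegisterTLSConfig("custom", &tls.Config{RootCAs: rootCertPool}); err != nil {
    log.Fatal(err)
}
connectionString := fmt.Sprintf("%s:%s@tcp(%s:3306)/%s?allowNativePasswords=true&tls=custom", "myadmin@mydemoserver", "yourpassword", "mydemoserver.mysql.database.azure.com", "quickstartdb")
db, err := sql.Open("mysql", connectionString)
if err != nil {
    log.Fatal(err)
}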

zoeylee02 • Oct 25 '19 07:10

Yes, custom TLS registration is not currently supported. I think it should be possible to add this CA certificate to the host root store and then add &tls=true to the DSN in the mysql_uri.

Can you try that? If it doesn't work we can consider adding support for registering the certificate.

Martin2112 • Dec 18 '19 09:12
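For the `tls=` DSN parameter discussed above, an added example (not code from this thread or from Trillian) that classifies what level of TLS a `--mysql_uri` value actually requests from go-sql-driver/mysql. The helper name `tlsPosture` and its labels are hypothetical, and its parsing approximates the driver's own; it uses only the standard library.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// tlsPosture classifies the tls= parameter of a go-sql-driver/mysql DSN.
// Hypothetical helper; its parsing approximates the driver's own.
func tlsPosture(dsn string) (string, error) {
	// The driver treats everything after the last '/' as dbname[?params].
	slash := strings.LastIndex(dsn, "/")
	if slash < 0 {
		return "", fmt.Errorf("invalid DSN: no '/' before the database name")
	}
	_, rawParams, _ := strings.Cut(dsn[slash+1:], "?")
	params, err := url.ParseQuery(rawParams)
	if err != nil {
		return "", fmt.Errorf("invalid DSN parameters: %w", err)
	}
	v := params.Get("tls")
	switch strings.ToLower(v) {
	case "", "false", "0":
		return "plaintext", nil
	case "preferred":
		return "opportunistic", nil // unverified, and may fall back to plaintext
	case "skip-verify":
		return "unverified", nil // encrypted, but the server certificate is not checked
	case "true", "1":
		return "verified", nil // chain and host name checked against the host root store
	default:
		return "custom:" + v, nil // needs mysql.RegisterTLSConfig(v, ...) in the binary
	}
}

func main() {
	// Constructed DSNs based on the mysql_uri shown in the issue.
	for _, dsn := range []string{
		"test:zaphod@tcp(mysql:3306)/test",
		"test:zaphod@tcp(mysql:3306)/test?tls=true",
		"test:zaphod@tcp(mysql:3306)/test?allowNativePasswords=true&tls=custom",
	} {
		p, err := tlsPosture(dsn)
		fmt.Println(dsn, "->", p, err)
	}
}
```

Only the `verified` result matches the `tls=true` suggestion; a `custom:` result depends on a registered TLS config, which the reply above says is not currently supported.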

@zoeylee02 - did you try this, and did it work?

We'll close this issue if we don't get any updates soon.

mhutchinson • May 26 '22 10:05

Issue closed as there is no update. Please feel free to reopen later.

roger2hk • Nov 02 '23 14:11