google / trillian

A transparent, highly scalable and cryptographically verifiable data store.
Apache License 2.0
3.54k stars 379 forks

Secure MySQL communication #1929

Closed zoeylee02 closed 11 months ago

zoeylee02 commented 5 years ago

It seems there is no configuration for secure MySQL communication to assign the certificate path, as below.

```yaml
command: [
  "--storage_system=mysql",
  "--mysql_uri=test:zaphod@tcp(mysql:3306)/test",
  "--rpc_endpoint=0.0.0.0:8090",
  "--http_endpoint=0.0.0.0:8091",
  "--alsologtostderr",
]
```

Assign the certificate file to read.

```go
// Uses github.com/go-sql-driver/mysql plus crypto/tls, crypto/x509, database/sql, fmt, io/ioutil and log.
rootCertPool := x509.NewCertPool()
pem, err := ioutil.ReadFile("/var/www/html/BaltimoreCyberTrustRoot.crt.pem")
if err != nil {
	log.Fatal(err)
}
if ok := rootCertPool.AppendCertsFromPEM(pem); !ok {
	log.Fatal("Failed to append PEM.")
}
// Register the pool under the name "custom" so the DSN can select it with tls=custom.
mysql.RegisterTLSConfig("custom", &tls.Config{RootCAs: rootCertPool})
connectionString := fmt.Sprintf("%s:%s@tcp(%s:3306)/%s?allowNativePasswords=true&tls=custom",
	"myadmin@mydemoserver", "yourpassword", "mydemoserver.mysql.database.azure.com", "quickstartdb")
db, err := sql.Open("mysql", connectionString)
if err != nil {
	log.Fatal(err)
}
```

Martin2112 commented 4 years ago

Yes, custom TLS registration is not currently supported. I think it should be possible to add this CA certificate to the host root store and then add `&tls=true` to the DSN in the `mysql_uri`.

Can you try that? If it doesn't work we can consider adding support for registering the certificate.

mhutchinson commented 2 years ago

@zoeylee02 - did you try this, and did it work?

We'll close this issue if we don't get any updates soon.

roger2hk commented 11 months ago

Issue closed as there is no update. Please feel free to reopen later.