SSL for MySQL connections

[ksilin]

Using other tools, I can establish an SSL-secured connection to a MySql DB by appending the parameters to the connection URL:

jdbc:mysql://<IP>:<PORT>/<DB>?verifyServerCertificate=false&useSSL=true

However, I have not found a way to do this in postgres-async (over quill-async-mysql).

  val confMap = Map(
    "url"                    -> "jdbc:mysql://<IP>:<PORT>/<DB>?verifyServerCertificate=false&useSSL=true",
    "user"        -> ...,
    "password"    -> ...,
    "sslmode"     -> "prefer",
    "sslrootcert" -> ".../ca.pem"
  )
  val mapConfig = ConfigFactory.parseMap(confMap.asJava)
  lazy val ctx: MysqlAsyncContext[Literal.type] = new MysqlAsyncContext(Literal, mapConfig)

The two SSL-related props seem to be dropped from the URL. The two SslConfiguration params sslmode and sslrootcert do not seem to apply or at least are not translated to verifyServerCertificate=false&useSSL=true. I have tried all possible combinations of sslmode & sslrootcert.

expected behavior: SSL-secured connection will be established actual behavior: In all combinations, I am getting connection refused from the DB.

https://github.com/mauricio/postgresql-async/blob/master/db-async-common/src/main/scala/com/github/mauricio/async/db/SSLConfiguration.scala

[ksilin]

I would be happy to implement contribute the code if somebody could explain to me the codepath from the config to the connection string.

[inmyth]

+1 I'm also unable to figure out how to use SSL with MySql. To my understanding, MySql encrypted connection requires three .pem files, ca (certificate authority), server-cert (pub key), server-key (private key). With JDBC, these certificates may need to be converted to JKS format. I cannot see how all these files fit into sslrootcert parameter.

[oshai]

@ksilin if you like to implement that for https://github.com/jasync-sql/jasync-sql which is a fork of this lib, I can try to help. If relevanr please open an issue there.