Module: sems Branch: master Commit: a769b94e150366edb8d39f5934ab287e5fa9f22b URL: https://github.com/sems-server/sems/commit/a769b94e150366edb8d39f5934ab287e5fa9f22b
Author: Juha Heinanen <j...@tutpro.com> Committer: Juha Heinanen <j...@tutpro.com> Date: 2015-11-15T15:13:02+02:00 sems/apps/dsm/mods/mod_mysql: added support for MySQL connections over SSL --- Modified: apps/dsm/mods/mod_mysql/ModMysql.cpp Modified: apps/dsm/mods/mod_mysql/ModMysql.h Modified: doc/dsm/mods/Readme.mod_mysql.txt --- Diff: https://github.com/sems-server/sems/commit/a769b94e150366edb8d39f5934ab287e5fa9f22b.diff Patch: https://github.com/sems-server/sems/commit/a769b94e150366edb8d39f5934ab287e5fa9f22b.patch --- diff --git a/apps/dsm/mods/mod_mysql/ModMysql.cpp b/apps/dsm/mods/mod_mysql/ModMysql.cpp index caed715..674d15f 100644 --- a/apps/dsm/mods/mod_mysql/ModMysql.cpp +++ b/apps/dsm/mods/mod_mysql/ModMysql.cpp @@ -35,6 +35,7 @@ #include <stdio.h> #include <fstream> +#include <unistd.h> SC_EXPORT(SCMysqlModule); @@ -195,10 +196,22 @@ EXEC_ACTION_START(SCMyConnectAction) { string db_host = str_between(db_url, '@', '/'); string db_db = str_between(db_url, '/', '\0'); + string db_ca_cert = sc_sess->var["config.mysql_ca_cert"]; + if (!db_ca_cert.empty() && (access(db_ca_cert.c_str(), R_OK ) != 0)) { + ERROR("cannot access mysql_ca_cert file %s\n", db_ca_cert.c_str()); + sc_sess->SET_ERRNO(DSM_ERRNO_CONFIG); + sc_sess->SET_STRERROR("cannot access mysql_ca_cert file\n"); + return false; + } + DSMMyConnection* conn = NULL; try { - conn = new DSMMyConnection(db_db.c_str(), db_host.c_str(), db_user.c_str(), db_pwd.c_str()); - + conn = new DSMMyConnection(); + if (!db_ca_cert.empty()) { + conn->set_option(new mysqlpp::SslOption(0, 0, db_ca_cert.c_str(), "", + "DHE-RSA-AES256-SHA")); + } + conn->connect(db_db.c_str(), db_host.c_str(), db_user.c_str(), db_pwd.c_str()); // save connection for later use AmArg c_arg; c_arg.setBorrowedPointer(conn); diff --git a/apps/dsm/mods/mod_mysql/ModMysql.h b/apps/dsm/mods/mod_mysql/ModMysql.h index 06737b4..e699111 100644 --- a/apps/dsm/mods/mod_mysql/ModMysql.h +++ b/apps/dsm/mods/mod_mysql/ModMysql.h 
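Review bot: The `SslOption` built inside the `try` block pins the connection to one hard-coded cipher suite, `"DHE-RSA-AES256-SHA"` (AES-CBC with a SHA-1 MAC), so operators cannot tighten or update it without a rebuild, and nothing after `conn->connect(...)` confirms that TLS was actually negotiated. Consider reading the cipher list from a config variable the same way the CA file is read, e.g. `string db_cipher = sc_sess->var["config.mysql_ssl_cipher"];` (the variable name is only a suggestion), and passing `db_cipher.empty() ? 0 : db_cipher.c_str()` so the library default applies when it is unset. Depending on the MySQL client library version, supplying a CA file alone may not force encryption or check the server's host name, so when `mysql_ca_cert` is set it would be safer to fail the action unless the session reports a non-empty `Ssl_cipher` status after connecting. Separately, `conn` is now allocated before `set_option()` and `connect()` can throw, and the `catch` is outside this hunk, so confirm it deletes `conn` on failure.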
@@ -58,9 +58,9 @@ class DSMMyConnection public DSMDisposable { public: - DSMMyConnection(const char* db, const char* server, const char* user, const char* password) - : mysqlpp::Connection(db, server, user, password) - { } + DSMMyConnection() : mysqlpp::Connection() + { + } ~DSMMyConnection() { } }; diff --git a/doc/dsm/mods/Readme.mod_mysql.txt b/doc/dsm/mods/Readme.mod_mysql.txt index 49da682..0605ac2 100644 --- a/doc/dsm/mods/Readme.mod_mysql.txt +++ b/doc/dsm/mods/Readme.mod_mysql.txt @@ -6,6 +6,10 @@ configuration DB connection can be configured in dsm.conf: $config.db_url : mysql://user:pwd@host/db +Connection is made over SSL if configuration variable mysql_ca_cert is +set, for example: +mysql_ca_cert=/etc/sems/ca-cert.pem + Actions: ======= -- connect connection _______________________________________________ Semsdev mailing list Semsdev@lists.iptel.org http://lists.iptel.org/mailman/listinfo/semsdev