In the case of, for example, vttablets connecting to an external MySQL,
the current TLS / SSL options don't provide the sometimes needed
flexibility.
The only way to provide any option(s) is through the `db_flags` and
setting that to the magic value of 2048 (the `CapabilityClientSSL` bit).
In this mode, it immediately moves to the strictest mode possible.
These changes make options available for Vitess users to more granularly
configure the SSL settings. It mimics the MySQL client with an SSL mode
flag that can be set to various values matching MySQL.
This flag replaces the magic constant for db_flags and allows more
fine-grained control.
Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
TLS 1.0 & TLS 1.1 are deprecated and shouldn't be used anymore. There
are however many older MySQL versions out there where the latest 5.6,
5.7 or 8.0 patch release isn't used which means they don't have a build
against OpenSSL with latest TLS support.
This means we can't easily change the minimum version to always be TLS
1.2, but the best possible option is to create a flag instead.
The changes here add support for that flag. The default still is TLS
1.2 as the minimum version, but people who run against an older MySQL
can use a new flag to override this and still allow TLS 1.0 or TLS 1.1
if desired.
Signed-off-by: Dirkjan Bussink <d.bussink@gmail.com>
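
An added Go sketch, not Vitess's own code, of how the SSL mode from the first commit message and the minimum-TLS-version override from the second can map onto `crypto/tls`. The lowercase mode strings and the names `tlsConfigFor` and `verifyChain` are assumptions modelled on the MySQL client's `--ssl-mode` values.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
)

// verifyChain validates the presented chain against roots, with no hostname check.
func verifyChain(certs []*x509.Certificate, roots *x509.CertPool) error {
	if len(certs) == 0 {
		return fmt.Errorf("server presented no certificate")
	}
	inter := x509.NewCertPool()
	for _, c := range certs[1:] {
		inter.AddCert(c)
	}
	_, err := certs[0].Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter})
	return err
}

// tlsConfigFor maps a mode name (assumed strings) to a config; nil means plaintext.
func tlsConfigFor(mode, serverName string, roots *x509.CertPool, minVersion uint16) (*tls.Config, error) {
	if minVersion == 0 {
		minVersion = tls.VersionTLS12 // default floor; older servers need an explicit override
	}
	cfg := &tls.Config{MinVersion: minVersion, RootCAs: roots, ServerName: serverName}
	switch mode {
	case "disabled":
		return nil, nil
	case "preferred", "required": // encrypted, but the server is not authenticated
		cfg.InsecureSkipVerify = true
	case "verify_ca": // chain is checked in the callback; only the hostname check is skipped
		cfg.InsecureSkipVerify = true
		cfg.VerifyConnection = func(cs tls.ConnectionState) error {
			return verifyChain(cs.PeerCertificates, roots)
		}
	case "verify_identity": // crypto/tls checks both chain and hostname
		if serverName == "" {
			return nil, fmt.Errorf("verify_identity requires a server name")
		}
	default:
		return nil, fmt.Errorf("unknown ssl mode %q", mode)
	}
	return cfg, nil
}

func main() {
	fmt.Println(tlsConfigFor("bogus", "", nil, 0))
}
```

The fallback to plaintext that distinguishes "preferred" from "required" belongs to the connection handshake and is not expressible in a `tls.Config`, so both modes produce the same config here.
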
While testing vttablet-mysqld over TCP, we noticed mysql.Connect
sometimes blocks forever if the backend mysqld hit max conns. This
patch adds a timeout to this codepath. It defaults to 0 (no timeout)
for back compatibility.
Signed-off-by: Adam Saponara <as@php.net>
Fix a regression where the dbname flags were removed as part of the
earlier cleanup and refactor. This is against policy since we want
to keep the flags for now.
Unlike the other user-specific db connection flags, this one does
not actually do anything at runtime except set a "DeprecatedDBName"
field in the DBConfig.
Signed-off-by: Michael Demmer <mdemmer@slack-corp.com>
In go 1.11, common name is ignored when it doesn't parse as a host name.
See this change:
https://go-review.googlesource.com/c/go/+/123355
So we make it look like a host name in tests.
Also add ServerName to MySQL conn parameters, so it can be specified
explicitly, instead of using the defaults always.
Signed-off-by: Alain Jobart <alainjobart@google.com>
If mysql connection parameters are incorrect, the failure happens
late, and it's hard to troubleshoot. This change causes such cases
to fail early with explicit error messages.
Added tests for VTGate mysql protocol. Additionally:
* Removed Engine from ConnParams
* Added an extra test for mid-stream failures in mysql
* Refactored the mysql protocol to allow for dynamic port
And moving endtoend tests from go/mysql to go/mysql/endtoend.
This breaks the go/vt/vttest circular dependency, and makes the
tests that need a MySQL instance all in the same place, cleaner.