Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provide Client TLS Certificates as Query Parameters #1611

Open
nickzelei opened this issue Jul 19, 2024 · 0 comments
Open

Provide Client TLS Certificates as Query Parameters #1611

nickzelei opened this issue Jul 19, 2024 · 0 comments

Comments

@nickzelei
Copy link

Issue description

I'd like to be able to provide SSL certificate paths via query parameters in the DSN instead of explicitly registering them with the driver.

I need to do this because I'm operating a service that runs in a multi-tenant environment and I don't want to have to register these in a global way, but instead provide them as paths.

It's possible I'm just doing something stupid here and just can't see it, but I get an error when trying to provide them as query parameters.

This seems to be possible when looking at the supported connection parameters: https://dev.mysql.com/doc/refman/8.0/en/connecting-using-uri-or-key-value-pairs.html

ssl-ca: The path to the X.509 certificate authority file in PEM format.
ssl-capath: The path to the directory that contains the X.509 certificates authority files in PEM format.
ssl-cert: The path to the X.509 certificate file in PEM format.
ssl-cipher: The encryption cipher to use for connections that use TLS protocols up through TLSv1.2.
ssl-crl: The path to the file that contains certificate revocation lists in PEM format.
ssl-crlpath: The path to the directory that contains certificate revocation-list files in PEM format.
ssl-key: The path to the X.509 key file in PEM format.

Example code

https://gist.github.com/nickzelei/cab80c7424a2d7099ce0663ed6e9f6d4

Relevant snippet

	caCertPath := url.QueryEscape("/Users/nick/code/dbssl/certs/root.crt")
	clientCertPath := url.QueryEscape("/Users/nick/code/dbssl/certs/client.crt")
	clientKeyPath := url.QueryEscape("/Users/nick/code/dbssl/certs/client.key")
	tls := url.QueryEscape("skip-verify")

	dsn := fmt.Sprintf("myuser:mypassword@tcp(localhost:3306)/mydb?tls=%s&ssl-ca=%s&ssl-cert=%s&ssl-key=%s&timeout=5s",
		tls, caCertPath, clientCertPath, clientKeyPath)

Error log

2024/07/19 10:02:49 Error pinging database: Error 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ssl-ca = /Users/nick/code/dbssl/certs/root.crt, ssl-cert' at line 1
exit status 1

Configuration

Driver version: v1.8.1

Go version: go version go1.22.5 darwin/arm64

Server version: MySQL 8.0 (official docker image)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@nickzelei