Missing SSL Support about mysql_async HOT 7 CLOSED

Hi!

Yes, documentation was accidentally copied from rust-mysql-simple.

I suspect that adding support would just involve adapting the appropriate pieces of SSL code from rust-mysql-simple.

Yes. It should not be a problem with tokio-tls crate. I believe i'll find time for this on next week but if it's too late for you, then you could try to implement it yourself (documentation)

from mysql_async.

Thanks for the quick response! Waiting a week is no big deal for me. Let me know if you end up not having time for this though.

from mysql_async.

It appears to be harder than i thought but now i'm a bit closer (sfackler/rust-native-tls#54).
There's one more issue that needs to be fixed.

from mysql_async.

Hey, I noticed that the latest release of mysql_async now appears to have some SSL support in place. Thank you for working on this!

Given that you haven't yet closed this issue, is there still additional work that you need to do?

Also, I noticed that unlike in rust-mysql-simple, you're using native-tls here, which appears to only accept SSL credentials as PKCS12 archives. (Whereas in rust-mysql-simple, PKCS12 is only used for MacOS clients -- other Unix-like systems need to specify a certificate, private key, and CA certificate chain independently.)

I've been successfully using rust-mysql-simple on Linux in the aforementioned way for a while now. I tried using OpenSSL to convert my certificates and key into a PKCS12 archive and giving that to mysql_async, but attempting to connect to the database fails during certificate verification. I'm pretty sure I'm just going something wrong, but I thought it'd be worth asking if you'd expect SSL to work on Linux clients in this crate's current state.

from mysql_async.

Hi.

Given that you haven't yet closed this issue, is there still additional work that you need to do?

Yeah, ssl on linux is still broken at the moment. I hope to solve this in near future.
Please use rust-mysql-simple with something like futures-cpupool until then.

from mysql_async.

Oh. Well. This one was easyer than i thought.

It turns out that certificate of my custom CA should not go to pkcs12 but should be provided separetely. I've added SslOpts::set_root_cert_path method for this (it is in v0.12.1). But i'm still not sure why everything worked on my mac without it.

Anyway.
This works flawlessly on my linux box:

let mut ssl_opts = SslOpts::new("./test/client.p12".as_ref());
ssl_opts.set_root_cert_path(Some("./test/ca-cert.der".as_ref()));
ssl_opts.set_password(Some("pass"));

from mysql_async.

Cool, I can confirm that SSL now works for me on Linux. Thanks for your quick response!

from mysql_async.