Added variables for SSL connections to backends #552

Variables added:
* mysql-ssl_p2s_ca
* mysql-ssl_p2s_cert
* mysql-ssl_p2s_key

include/MySQL_Thread.h

@@ -298,6 +298,10 @@ class MySQL_Threads_Handler
 		int poll_timeout_on_failure;
 		char *eventslog_filename;
 		int eventslog_filesize;
+		// SSL related, proxy to server
+		char * ssl_p2s_ca;
+		char * ssl_p2s_cert;
+		char * ssl_p2s_key;
 	} variables;
 	PtrArray *bind_fds;
 	MySQL_Listeners_Manager *MLM;

include/proxysql_structs.h

@@ -721,6 +721,11 @@ __thread bool mysql_thread___query_digests;
 __thread bool mysql_thread___default_reconnect;
 __thread bool mysql_thread___sessions_sort;
 
+/* variables used for SSL , from proxy to server (p2s) */
+__thread char * mysql_thread___ssl_p2s_ca;
+__thread char * mysql_thread___ssl_p2s_cert;
+__thread char * mysql_thread___ssl_p2s_key;
+
 /* variables used by events log */
 __thread char * mysql_thread___eventslog_filename;
 __thread int mysql_thread___eventslog_filesize;
@@ -787,6 +792,11 @@ extern __thread bool mysql_thread___query_digests;
 extern __thread bool mysql_thread___default_reconnect;
 extern __thread bool mysql_thread___sessions_sort;
 
+/* variables used for SSL , from proxy to server (p2s) */
+extern __thread char * mysql_thread___ssl_p2s_ca;
+extern __thread char * mysql_thread___ssl_p2s_cert;
+extern __thread char * mysql_thread___ssl_p2s_key;
+
 /* variables used by events log */
 extern __thread char * mysql_thread___eventslog_filename;
 extern __thread int mysql_thread___eventslog_filesize;

lib/MySQL_Thread.cpp

@@ -189,6 +189,9 @@ static char * mysql_thread_variables_names[]= {
 	(char *)"servers_stats",
 	(char *)"default_reconnect",
 	(char *)"session_debug",
+	(char *)"ssl_p2s_ca",
+	(char *)"ssl_p2s_cert",
+	(char *)"ssl_p2s_key",
 	(char *)"stacksize",
 	(char *)"threads",
 	NULL
@@ -264,6 +267,9 @@ MySQL_Threads_Handler::MySQL_Threads_Handler() {
 	variables.sessions_sort=true;
 	variables.servers_stats=true;
 	variables.default_reconnect=true;
+	variables.ssl_p2s_ca=NULL;
+	variables.ssl_p2s_cert=NULL;
+	variables.ssl_p2s_key=NULL;
 #ifdef DEBUG
 	variables.session_debug=true;
 #endif /*debug */
@@ -349,6 +355,29 @@ char * MySQL_Threads_Handler::get_variable_string(char *name) {
 		if (!strcasecmp(name,"monitor_query_variables")) return strdup(variables.monitor_query_variables);
 		if (!strcasecmp(name,"monitor_query_status")) return strdup(variables.monitor_query_status);
 	}
+	if (!strncasecmp(name,"ssl_",4)) {
+		if (!strcasecmp(name,"ssl_p2s_ca")) {
+			if (variables.ssl_p2s_ca==NULL || strlen(variables.ssl_p2s_ca)==0) {
+				return NULL;
+			} else {
+				return strdup(variables.ssl_p2s_ca);
+			}
+		}
+		if (!strcasecmp(name,"ssl_p2s_cert")) {
+			if (variables.ssl_p2s_cert==NULL || strlen(variables.ssl_p2s_cert)==0) {
+				return NULL;
+			} else {
+				return strdup(variables.ssl_p2s_cert);
+			}
+		}
+		if (!strcasecmp(name,"ssl_p2s_key")) {
+			if (variables.ssl_p2s_key==NULL || strlen(variables.ssl_p2s_key)==0) {
+				return NULL;
+			} else {
+				return strdup(variables.ssl_p2s_key);
+			}
+		}
+	}
 	if (!strcasecmp(name,"server_version")) return strdup(variables.server_version);
 	if (!strcasecmp(name,"eventslog_filename")) return strdup(variables.eventslog_filename);
 	if (!strcasecmp(name,"default_schema")) return strdup(variables.default_schema);
@@ -1003,6 +1032,36 @@ bool MySQL_Threads_Handler::set_variable(char *name, char *value) {	// this is t
 			return false;
 		}
 	}
+
+	// SSL proxy to server variables
+	if (!strcasecmp(name,"ssl_p2s_ca")) {
+		free(variables.ssl_p2s_ca);
+		variables.ssl_p2s_ca=NULL;
+		if (vallen) {
+			if (strcmp(value,"(null)"))
+				variables.ssl_p2s_ca=strdup(value);
+		}
+		return true;
+	}
+	if (!strcasecmp(name,"ssl_p2s_cert")) {
+		free(variables.ssl_p2s_cert);
+		variables.ssl_p2s_cert=NULL;
+		if (vallen) {
+			if (strcmp(value,"(null)"))
+				variables.ssl_p2s_cert=strdup(value);
+		}
+		return true;
+	}
+	if (!strcasecmp(name,"ssl_p2s_key")) {
+		free(variables.ssl_p2s_key);
+		variables.ssl_p2s_key=NULL;
+		if (vallen) {
+			if (strcmp(value,"(null)"))
+				variables.ssl_p2s_key=strdup(value);
+		}
+		return true;
+	}
+
 	if (!strcasecmp(name,"eventslog_filename")) {
 		free(variables.eventslog_filename);
 		variables.eventslog_filename=strdup(value);
@@ -1274,6 +1333,9 @@ MySQL_Threads_Handler::~MySQL_Threads_Handler() {
 	if (variables.interfaces) free(variables.interfaces);
 	if (variables.server_version) free(variables.server_version);
 	if (variables.eventslog_filename) free(variables.eventslog_filename);
+	if (variables.ssl_p2s_ca) free(variables.ssl_p2s_ca);
+	if (variables.ssl_p2s_cert) free(variables.ssl_p2s_cert);
+	if (variables.ssl_p2s_key) free(variables.ssl_p2s_key);
 	free(mysql_threads);
 	mysql_threads=NULL;
 	delete MLM;
@@ -1307,7 +1369,9 @@ MySQL_Thread::~MySQL_Thread() {
 	if (mysql_thread___default_schema) { free(mysql_thread___default_schema); mysql_thread___default_schema=NULL; }
 	if (mysql_thread___server_version) { free(mysql_thread___server_version); mysql_thread___server_version=NULL; }
 	if (mysql_thread___eventslog_filename) { free(mysql_thread___eventslog_filename); mysql_thread___eventslog_filename=NULL; }
-
+	if (mysql_thread___ssl_p2s_ca) { free(mysql_thread___ssl_p2s_ca); mysql_thread___ssl_p2s_ca=NULL; }
+	if (mysql_thread___ssl_p2s_cert) { free(mysql_thread___ssl_p2s_cert); mysql_thread___ssl_p2s_cert=NULL; }
+	if (mysql_thread___ssl_p2s_key) { free(mysql_thread___ssl_p2s_key); mysql_thread___ssl_p2s_key=NULL; }
 }
 
 
@@ -1808,6 +1872,14 @@ void MySQL_Thread::refresh_variables() {
 		}
 	}
 
+	// SSL proxy to server
+	if (mysql_thread___ssl_p2s_ca) free(mysql_thread___ssl_p2s_ca);
+	mysql_thread___ssl_p2s_ca=GloMTH->get_variable_string((char *)"ssl_p2s_ca");
+	if (mysql_thread___ssl_p2s_cert) free(mysql_thread___ssl_p2s_cert);
+	mysql_thread___ssl_p2s_cert=GloMTH->get_variable_string((char *)"ssl_p2s_cert");
+	if (mysql_thread___ssl_p2s_key) free(mysql_thread___ssl_p2s_key);
+	mysql_thread___ssl_p2s_key=GloMTH->get_variable_string((char *)"ssl_p2s_key");
+
 	if (mysql_thread___monitor_query_variables) free(mysql_thread___monitor_query_variables);
 	mysql_thread___monitor_query_variables=GloMTH->get_variable_string((char *)"monitor_query_variables");
 	if (mysql_thread___monitor_query_status) free(mysql_thread___monitor_query_status);
@@ -1869,6 +1941,11 @@ MySQL_Thread::MySQL_Thread() {
 	mysql_thread___server_version=NULL;
 	mysql_thread___eventslog_filename=NULL;
 
+	// SSL proxy to server
+	mysql_thread___ssl_p2s_ca=NULL;
+	mysql_thread___ssl_p2s_cert=NULL;
+	mysql_thread___ssl_p2s_key=NULL;
+
 	last_maintenance_time=0;
 	maintenance_loop=true;
 

lib/mysql_connection.cpp

@@ -299,7 +299,7 @@ void MySQL_Connection::connect_start() {
 	assert(mysql);
 	mysql_options(mysql, MYSQL_OPT_NONBLOCK, 0);
 	if (parent->use_ssl) {
-		mysql_ssl_set(mysql, "/home/vagrant/newcerts/client-key.pem","/home/vagrant/newcerts/client-cert.pem", NULL, NULL, NULL);
+		mysql_ssl_set(mysql, mysql_thread___ssl_p2s_key, mysql_thread___ssl_p2s_cert, mysql_thread___ssl_p2s_ca, NULL, NULL);
 	}
 	unsigned int timeout= 1;
 	mysql_options(mysql, MYSQL_OPT_CONNECT_TIMEOUT, (void *)&timeout);