diff --git a/include/MySQL_Thread.h b/include/MySQL_Thread.h index e87fe710b..d4e4fd263 100644 --- a/include/MySQL_Thread.h +++ b/include/MySQL_Thread.h @@ -298,6 +298,10 @@ class MySQL_Threads_Handler int poll_timeout_on_failure; char *eventslog_filename; int eventslog_filesize; + // SSL related, proxy to server + char * ssl_p2s_ca; + char * ssl_p2s_cert; + char * ssl_p2s_key; } variables; PtrArray *bind_fds; MySQL_Listeners_Manager *MLM; diff --git a/include/proxysql_structs.h b/include/proxysql_structs.h index 04326ddbc..67b84728d 100644 --- a/include/proxysql_structs.h +++ b/include/proxysql_structs.h @@ -721,6 +721,11 @@ __thread bool mysql_thread___query_digests; __thread bool mysql_thread___default_reconnect; __thread bool mysql_thread___sessions_sort; +/* variables used for SSL , from proxy to server (p2s) */ +__thread char * mysql_thread___ssl_p2s_ca; +__thread char * mysql_thread___ssl_p2s_cert; +__thread char * mysql_thread___ssl_p2s_key; + /* variables used by events log */ __thread char * mysql_thread___eventslog_filename; __thread int mysql_thread___eventslog_filesize; @@ -787,6 +792,11 @@ extern __thread bool mysql_thread___query_digests; extern __thread bool mysql_thread___default_reconnect; extern __thread bool mysql_thread___sessions_sort; +/* variables used for SSL , from proxy to server (p2s) */ +extern __thread char * mysql_thread___ssl_p2s_ca; +extern __thread char * mysql_thread___ssl_p2s_cert; +extern __thread char * mysql_thread___ssl_p2s_key; + /* variables used by events log */ extern __thread char * mysql_thread___eventslog_filename; extern __thread int mysql_thread___eventslog_filesize; diff --git a/lib/MySQL_Thread.cpp b/lib/MySQL_Thread.cpp index 7f640605f..a25c1a029 100644 --- a/lib/MySQL_Thread.cpp +++ b/lib/MySQL_Thread.cpp 
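Review bot: The comment on the three new `variables` members in include/MySQL_Thread.h does not say what the strings hold or what NULL means. Going by the `mysql_ssl_set()` call changed in lib/mysql_connection.cpp in this commit, they are file paths for the CA certificate, the client certificate and the client private key, and the constructor hunk initialises them to NULL. I would write `// SSL, proxy to server: paths to CA cert, client cert and client key files; NULL when not configured`. The same wording would fit the two comment blocks added in include/proxysql_structs.h.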
@@ -189,6 +189,9 @@ static char * mysql_thread_variables_names[]= { (char *)"servers_stats", (char *)"default_reconnect", (char *)"session_debug", + (char *)"ssl_p2s_ca", + (char *)"ssl_p2s_cert", + (char *)"ssl_p2s_key", (char *)"stacksize", (char *)"threads", NULL @@ -264,6 +267,9 @@ MySQL_Threads_Handler::MySQL_Threads_Handler() { variables.sessions_sort=true; variables.servers_stats=true; variables.default_reconnect=true; + variables.ssl_p2s_ca=NULL; + variables.ssl_p2s_cert=NULL; + variables.ssl_p2s_key=NULL; #ifdef DEBUG variables.session_debug=true; #endif /*debug */ @@ -349,6 +355,29 @@ char * MySQL_Threads_Handler::get_variable_string(char *name) { if (!strcasecmp(name,"monitor_query_variables")) return strdup(variables.monitor_query_variables); if (!strcasecmp(name,"monitor_query_status")) return strdup(variables.monitor_query_status); } + if (!strncasecmp(name,"ssl_",4)) { + if (!strcasecmp(name,"ssl_p2s_ca")) { + if (variables.ssl_p2s_ca==NULL || strlen(variables.ssl_p2s_ca)==0) { + return NULL; + } else { + return strdup(variables.ssl_p2s_ca); + } + } + if (!strcasecmp(name,"ssl_p2s_cert")) { + if (variables.ssl_p2s_cert==NULL || strlen(variables.ssl_p2s_cert)==0) { + return NULL; + } else { + return strdup(variables.ssl_p2s_cert); + } + } + if (!strcasecmp(name,"ssl_p2s_key")) { + if (variables.ssl_p2s_key==NULL || strlen(variables.ssl_p2s_key)==0) { + return NULL; + } else { + return strdup(variables.ssl_p2s_key); + } + } + } if (!strcasecmp(name,"server_version")) return strdup(variables.server_version); if (!strcasecmp(name,"eventslog_filename")) return strdup(variables.eventslog_filename); if (!strcasecmp(name,"default_schema")) return strdup(variables.default_schema); 
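Review bot: The three `ssl_p2s_*` branches added to `get_variable_string()` return NULL for an unset or empty value, whereas the neighbouring branches visible in this hunk always return a `strdup()`ed string. `refresh_variables()` in this commit only stores the result, but a caller outside this diff that formats or measures the returned string would now receive a null pointer, so the NULL return should be documented on the function and the other callers checked. The three branches are also identical apart from the member, and a small file-local helper such as `static char *dup_or_null(const char *s) { return (s && *s) ? strdup(s) : NULL; }` would remove the repetition. The function body starts and ends outside the hunk.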
@@ -1003,6 +1032,36 @@ bool MySQL_Threads_Handler::set_variable(char *name, char *value) { // this is t return false; } } + + // SSL proxy to server variables + if (!strcasecmp(name,"ssl_p2s_ca")) { + free(variables.ssl_p2s_ca); + variables.ssl_p2s_ca=NULL; + if (vallen) { + if (strcmp(value,"(null)")) + variables.ssl_p2s_ca=strdup(value); + } + return true; + } + if (!strcasecmp(name,"ssl_p2s_cert")) { + free(variables.ssl_p2s_cert); + variables.ssl_p2s_cert=NULL; + if (vallen) { + if (strcmp(value,"(null)")) + variables.ssl_p2s_cert=strdup(value); + } + return true; + } + if (!strcasecmp(name,"ssl_p2s_key")) { + free(variables.ssl_p2s_key); + variables.ssl_p2s_key=NULL; + if (vallen) { + if (strcmp(value,"(null)")) + variables.ssl_p2s_key=strdup(value); + } + return true; + } + if (!strcasecmp(name,"eventslog_filename")) { free(variables.eventslog_filename); variables.eventslog_filename=strdup(value); @@ -1274,6 +1333,9 @@ MySQL_Threads_Handler::~MySQL_Threads_Handler() { if (variables.interfaces) free(variables.interfaces); if (variables.server_version) free(variables.server_version); if (variables.eventslog_filename) free(variables.eventslog_filename); + if (variables.ssl_p2s_ca) free(variables.ssl_p2s_ca); + if (variables.ssl_p2s_cert) free(variables.ssl_p2s_cert); + if (variables.ssl_p2s_key) free(variables.ssl_p2s_key); free(mysql_threads); mysql_threads=NULL; delete MLM; 
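Review bot: `set_variable()` treats the literal string `"(null)"` as "unset" for `ssl_p2s_ca`, `ssl_p2s_cert` and `ssl_p2s_key`, which looks like a workaround for a NULL pointer having been formatted with `%s` somewhere upstream (inferred; that code is not in this diff). Passing NULL to `%s` is undefined behaviour in C and only some C libraries print `(null)`, so it would be more robust to have the producer emit an empty string and drop the sentinel here. These branches also accept any string and return true, so a mistyped CA or key path is only discovered at connect time, and what `mysql_ssl_set()` does with an unreadable file depends on the client library. Consider logging when a value is set to a path that cannot be opened, and check the `strdup()` result before returning true. The function starts and ends outside the hunk.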
@@ -1307,7 +1369,9 @@ MySQL_Thread::~MySQL_Thread() { if (mysql_thread___default_schema) { free(mysql_thread___default_schema); mysql_thread___default_schema=NULL; } if (mysql_thread___server_version) { free(mysql_thread___server_version); mysql_thread___server_version=NULL; } if (mysql_thread___eventslog_filename) { free(mysql_thread___eventslog_filename); mysql_thread___eventslog_filename=NULL; } - + if (mysql_thread___ssl_p2s_ca) { free(mysql_thread___ssl_p2s_ca); mysql_thread___ssl_p2s_ca=NULL; } + if (mysql_thread___ssl_p2s_cert) { free(mysql_thread___ssl_p2s_cert); mysql_thread___ssl_p2s_cert=NULL; } + if (mysql_thread___ssl_p2s_key) { free(mysql_thread___ssl_p2s_key); mysql_thread___ssl_p2s_key=NULL; } } @@ -1808,6 +1872,14 @@ void MySQL_Thread::refresh_variables() { } } + // SSL proxy to server + if (mysql_thread___ssl_p2s_ca) free(mysql_thread___ssl_p2s_ca); + mysql_thread___ssl_p2s_ca=GloMTH->get_variable_string((char *)"ssl_p2s_ca"); + if (mysql_thread___ssl_p2s_cert) free(mysql_thread___ssl_p2s_cert); + mysql_thread___ssl_p2s_cert=GloMTH->get_variable_string((char *)"ssl_p2s_cert"); + if (mysql_thread___ssl_p2s_key) free(mysql_thread___ssl_p2s_key); + mysql_thread___ssl_p2s_key=GloMTH->get_variable_string((char *)"ssl_p2s_key"); + if (mysql_thread___monitor_query_variables) free(mysql_thread___monitor_query_variables); mysql_thread___monitor_query_variables=GloMTH->get_variable_string((char *)"monitor_query_variables"); if (mysql_thread___monitor_query_status) free(mysql_thread___monitor_query_status); @@ -1869,6 +1941,11 @@ MySQL_Thread::MySQL_Thread() { mysql_thread___server_version=NULL; mysql_thread___eventslog_filename=NULL; + // SSL proxy to server + mysql_thread___ssl_p2s_ca=NULL; + mysql_thread___ssl_p2s_cert=NULL; + mysql_thread___ssl_p2s_key=NULL; + last_maintenance_time=0; maintenance_loop=true; diff --git a/lib/mysql_connection.cpp b/lib/mysql_connection.cpp index a29dce5f2..eb46a373a 100644 --- a/lib/mysql_connection.cpp 
+++ b/lib/mysql_connection.cpp @@ -299,7 +299,7 @@ void MySQL_Connection::connect_start() { assert(mysql); mysql_options(mysql, MYSQL_OPT_NONBLOCK, 0); if (parent->use_ssl) { - mysql_ssl_set(mysql, "/home/vagrant/newcerts/client-key.pem","/home/vagrant/newcerts/client-cert.pem", NULL, NULL, NULL); + mysql_ssl_set(mysql, mysql_thread___ssl_p2s_key, mysql_thread___ssl_p2s_cert, mysql_thread___ssl_p2s_ca, NULL, NULL); } unsigned int timeout= 1; mysql_options(mysql, MYSQL_OPT_CONNECT_TIMEOUT, (void *)&timeout);
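Review bot: Passing a CA file to `mysql_ssl_set()` in `connect_start()` does not, in the MySQL and MariaDB client libraries I know of, make the client check the backend's certificate against the host name it connected to. With the defaults set in this commit all three pointers are also NULL, so a `use_ssl` backend is contacted with no CA, certificate or key at all. An encrypted but unverified session gives no protection against an on-path party between proxy and server. If the bundled client library supports it, enable verification next to this call when `mysql_thread___ssl_p2s_ca` is non-NULL, e.g. `my_bool verify=1; mysql_options(mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &verify);`, and log a warning when `parent->use_ssl` is set but no CA is configured. The function continues outside the hunk.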