Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support for setting client certificate and key from bytes #2646

Merged
merged 5 commits into from
Sep 26, 2023
Merged

Support for setting client certificate and key from bytes #2646

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
3202796
Support for setting client certificate and key from bytes
wyhaya Jul 24, 2023
6848180
Rename ssh_client_*_from_bytes to ssl_client_*_from_pem
wyhaya Aug 1, 2023
bbb8701
doc: clarify client_*_from_pem docs and add examples
abonander Sep 26, 2023
a859ffa
doc: apply missed suggestions from previous commit
abonander Sep 26, 2023
fe51e1c
fix: run `cargo fmt`
abonander Sep 26, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
50 changes: 50 additions & 0 deletions sqlx-mysql/src/options/mod.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -213,6 +213,31 @@ impl MySqlConnectOptions {
self
}

/// Sets the SSL client certificate as a PEM-encoded byte slice.
///
/// This should be an ASCII-encoded blob that starts with `-----BEGIN CERTIFICATE-----`.
///
/// # Example
/// Note: embedding SSL certificates and keys in the binary is not advised.
/// This is for illustration purposes only.
///
/// ```rust
/// # use sqlx_core::mysql::{MySqlSslMode, MySqlConnectOptions};
///
/// const CERT: &[u8] = b"\
/// -----BEGIN CERTIFICATE-----
/// <Certificate data here.>
/// -----END CERTIFICATE-----";
///
/// let options = MySqlConnectOptions::new()
/// .ssl_mode(MySqlSslMode::VerifyCa)
/// .ssl_client_cert_from_pem(CERT);
/// ```
pub fn ssl_client_cert_from_pem(mut self, cert: impl AsRef<[u8]>) -> Self {
self.ssl_client_cert = Some(CertificateInput::Inline(cert.as_ref().to_vec()));
self
}

/// Sets the name of a file containing SSL client key.
///
/// # Example
Expand All @@ -228,6 +253,31 @@ impl MySqlConnectOptions {
self
}

/// Sets the SSL client key as a PEM-encoded byte slice.
///
/// This should be an ASCII-encoded blob that starts with `-----BEGIN PRIVATE KEY-----`.
///
/// # Example
/// Note: embedding SSL certificates and keys in the binary is not advised.
/// This is for illustration purposes only.
///
/// ```rust
/// # use sqlx_core::mysql::{MySqlSslMode, MySqlConnectOptions};
///
/// const KEY: &[u8] = b"\
/// -----BEGIN PRIVATE KEY-----
/// <Private key data here.>
/// -----END PRIVATE KEY-----";
///
/// let options = MySqlConnectOptions::new()
/// .ssl_mode(MySqlSslMode::VerifyCa)
/// .ssl_client_key_from_pem(KEY);
/// ```
pub fn ssl_client_key_from_pem(mut self, key: impl AsRef<[u8]>) -> Self {
self.ssl_client_key = Some(CertificateInput::Inline(key.as_ref().to_vec()));
self
}

/// Sets the capacity of the connection's statement cache in a number of stored
/// distinct statements. Caching is handled using LRU, meaning when the
/// amount of queries hits the defined limit, the oldest statement will get
Expand Down
52 changes: 52 additions & 0 deletions sqlx-postgres/src/options/mod.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -344,6 +344,32 @@ impl PgConnectOptions {
self
}

/// Sets the SSL client certificate as a PEM-encoded byte slice.
///
/// This should be an ASCII-encoded blob that starts with `-----BEGIN CERTIFICATE-----`.
///
/// # Example
/// Note: embedding SSL certificates and keys in the binary is not advised.
/// This is for illustration purposes only.
///
/// ```rust
/// # use sqlx_core::postgres::{PgSslMode, PgConnectOptions};
///
/// const CERT: &[u8] = b"\
/// -----BEGIN CERTIFICATE-----
/// <Certificate data here.>
/// -----END CERTIFICATE-----";
///
/// let options = PgConnectOptions::new()
/// // Providing a CA certificate with less than VerifyCa is pointless
/// .ssl_mode(PgSslMode::VerifyCa)
/// .ssl_client_cert_from_pem(CERT);
/// ```
pub fn ssl_client_cert_from_pem(mut self, cert: impl AsRef<[u8]>) -> Self {
self.ssl_client_cert = Some(CertificateInput::Inline(cert.as_ref().to_vec()));
self
}

/// Sets the name of a file containing SSL client key.
///
/// # Example
Expand All @@ -360,6 +386,32 @@ impl PgConnectOptions {
self
}

/// Sets the SSL client key as a PEM-encoded byte slice.
///
/// This should be an ASCII-encoded blob that starts with `-----BEGIN PRIVATE KEY-----`.
///
/// # Example
/// Note: embedding SSL certificates and keys in the binary is not advised.
/// This is for illustration purposes only.
///
/// ```rust
/// # use sqlx_core::postgres::{PgSslMode, PgConnectOptions};
///
/// const KEY: &[u8] = b"\
/// -----BEGIN PRIVATE KEY-----
/// <Private key data here.>
/// -----END PRIVATE KEY-----";
///
/// let options = PgConnectOptions::new()
/// // Providing a CA certificate with less than VerifyCa is pointless
/// .ssl_mode(PgSslMode::VerifyCa)
/// .ssl_client_key_from_pem(KEY);
/// ```
pub fn ssl_client_key_from_pem(mut self, key: impl AsRef<[u8]>) -> Self {
self.ssl_client_key = Some(CertificateInput::Inline(key.as_ref().to_vec()));
self
}

/// Sets PEM encoded trusted SSL Certificate Authorities (CA).
///
/// # Example
Expand Down