Feature: MySQL database backends with SSL #15

Closed

MrMarvin
Contributor

This pull request introduces five new configuration parameters to the MySQL database backend:

  • ssl_key
  • ssl_cert
  • ssl_ca
  • ssl_capath
  • ssl_cipher

which correspond to the parameters to libmysql's mysql_ssl_set().

Therefore support for SSL secured connections is added.
These changes should not break backward compatibility as it is an opt-in feature.

Tested with a MySQL 5.6.23 backend with a custom CA and libmysqlclient-dev 5.5.44-0ubuntu0.14.04.1 on the client. We believe this works on any recent MySQL installation.

Example

"lease-database": {
        "type": "mysql",
        "name": "keabackend1",
        "host": "database.example.com",
        "user": "root",
        "ssl_ca": "/vagrant/rds-combined-ca-bundle.pem",
        "password": "secret"
}
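
A pre-flight check for the five parameters above, as an added example that is not part of the pull request or of Kea: it flags a lease-database map that has no CA, sets only one of ssl_key/ssl_cert, points at missing files, or has a private key accessible to group or other. The function name `check_lease_db_tls`, the choice of checks and the sample files are assumptions made for this illustration.

```python
import os
import stat
import tempfile

# The five parameters named in the pull request description.
SSL_PARAMS = ("ssl_key", "ssl_cert", "ssl_ca", "ssl_capath", "ssl_cipher")

def check_lease_db_tls(db):
    """Return findings for one "lease-database" map (hypothetical helper)."""
    if db.get("type") != "mysql":
        return []
    if not any(db.get(p) for p in SSL_PARAMS):
        return ["no ssl_* parameter set: the opt-in feature is not enabled"]
    findings = []
    if not (db.get("ssl_ca") or db.get("ssl_capath")):
        findings.append("no ssl_ca/ssl_capath: no trust anchor for the server certificate")
    if bool(db.get("ssl_key")) != bool(db.get("ssl_cert")):
        findings.append("ssl_key and ssl_cert must be set together")
    for p in ("ssl_key", "ssl_cert", "ssl_ca"):
        if db.get(p) and not os.path.isfile(db[p]):
            findings.append(f"{p}: {db[p]} is not a file")
    if db.get("ssl_capath") and not os.path.isdir(db["ssl_capath"]):
        findings.append(f"ssl_capath: {db['ssl_capath']} is not a directory")
    key = db.get("ssl_key")
    # Any group/other permission bit on the private key is reported.
    if key and os.path.isfile(key) and stat.S_IMODE(os.stat(key).st_mode) & 0o077:
        findings.append("ssl_key: private key is accessible to group or other")
    return findings

def demo():
    """Run the check on constructed files; returns (ca_only, key_only) findings."""
    with tempfile.TemporaryDirectory() as d:
        ca = os.path.join(d, "ca.pem")
        key = os.path.join(d, "client-key.pem")
        for path in (ca, key):
            with open(path, "w") as f:
                f.write("constructed placeholder, not a real PEM\n")
            os.chmod(path, 0o644)
        # Same shape as the example above: only a CA bundle is configured.
        ca_only = {"type": "mysql", "name": "keabackend1",
                   "host": "database.example.com", "ssl_ca": ca}
        # Constructed weak case: key without cert or CA, key mode 0644.
        key_only = {"type": "mysql", "name": "keabackend1", "ssl_key": key}
        return check_lease_db_tls(ca_only), check_lease_db_tls(key_only)

if __name__ == "__main__":
    for label, result in zip(("ca_only", "key_only"), demo()):
        print(label, result)
```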

fxdupont and others added 3 commits October 21, 2015 21:21
Additional parameters for the MySQL database backend have been
introduced which are used to call libmysql's mysql_ssl_set() function.
@fxdupont
Collaborator

Create #5117 ticket to handle it. One question and one concern:

  • is the OpenSSL library required? We have both Botan and OpenSSL as crypto backends, so if an OpenSSL dependency is not an issue it is not so neutral
  • unit tests are needed

tomaszmrugalski pushed a commit that referenced this pull request Sep 5, 2018
…ing host reservations

src/bin/admin/tests/pgsql_tests.sh.in
src/bin/admin/tests/cql_tests.sh.in
src/bin/admin/tests/mysql_tests.sh.in
    Added functions that verify subnet id values are updated

src/share/database/scripts/cql/upgrade_2.0_to_3.0.sh.in
src/share/database/scripts/mysql/upgrade_6.0_to_7.0.sh.in
src/share/database/scripts/pgsql/upgrade_4.0_to_5.0.sh.in
    Added logic to update subnet id values in existing reservations
    and options
tomaszmrugalski pushed a commit that referenced this pull request Sep 5, 2018
    Mostly added commentary.
tomaszmrugalski pushed a commit that referenced this pull request Sep 5, 2018
tomaszmrugalski pushed a commit that referenced this pull request Sep 5, 2018
jivdhaliwal pushed a commit to ministryofjustice/staff-device-dhcp-server that referenced this pull request Oct 22, 2020
@tomaszmrugalski
Member

The recent Kea releases now have SSL support in MySQL. This has been added in Kea 2.1.2.
