add mysql custom TLS config

closes #117
mattes · Mar 1, 2017 · 150ac7d · 150ac7d
1 parent be1ba92
commit 150ac7d
Showing 1 changed file with 55 additions and 0 deletions.
diff --git a/database/mysql/mysql.go b/database/mysql/mysql.go
@@ -1,11 +1,14 @@
 package mysql
 
 import (
+	"crypto/tls"
+	"crypto/x509"
 	"database/sql"
 	"fmt"
 	"io"
 	"io/ioutil"
 	nurl "net/url"
+	"strconv"
 	"strings"
 
 	"github.com/go-sql-driver/mysql"
@@ -23,6 +26,7 @@ var (
 	ErrDatabaseDirty  = fmt.Errorf("database is dirty")
 	ErrNilConfig      = fmt.Errorf("no config")
 	ErrNoDatabaseName = fmt.Errorf("no database name")
+	ErrAppendPEM      = fmt.Errorf("failed to append PEM")
 )
 
 type Config struct {
@@ -94,6 +98,42 @@ func (m *Mysql) Open(url string) (database.Driver, error) {
 		migrationsTable = DefaultMigrationsTable
 	}
 
+	// use custom TLS?
+	ctls := purl.Query().Get("tls")
+	if len(ctls) > 0 {
+		if _, isBool := readBool(ctls); !isBool && strings.ToLower(ctls) != "skip-verify" {
+			rootCertPool := x509.NewCertPool()
+			pem, err := ioutil.ReadFile(purl.Query().Get("x-tls-ca"))
+			if err != nil {
+				return nil, err
+			}
+
+			if ok := rootCertPool.AppendCertsFromPEM(pem); !ok {
+				return nil, ErrAppendPEM
+			}
+
+			certs, err := tls.LoadX509KeyPair(purl.Query().Get("x-tls-cert"), purl.Query().Get("x-tls-key"))
+			if err != nil {
+				return nil, err
+			}
+
+			insecureSkipVerify := false
+			if len(purl.Query().Get("x-tls-insecure-skip-verify")) > 0 {
+				x, err := strconv.ParseBool(purl.Query().Get("x-tls-insecure-skip-verify"))
+				if err != nil {
+					return nil, err
+				}
+				insecureSkipVerify = x
+			}
+
+			mysql.RegisterTLSConfig(ctls, &tls.Config{
+				RootCAs:            rootCertPool,
+				Certificates:       []tls.Certificate{certs},
+				InsecureSkipVerify: insecureSkipVerify,
+			})
+		}
+	}
+
 	mx, err := WithInstance(db, &Config{
 		DatabaseName:    purl.Path,
 		MigrationsTable: migrationsTable,
@@ -270,3 +310,18 @@ func (m *Mysql) ensureVersionTable() error {
 	}
 	return nil
 }
+
+// Returns the bool value of the input.
+// The 2nd return value indicates if the input was a valid bool value
+// See https://github.com/go-sql-driver/mysql/blob/a059889267dc7170331388008528b3b44479bffb/utils.go#L71
+func readBool(input string) (value bool, valid bool) {
+	switch input {
+	case "1", "true", "TRUE", "True":
+		return true, true
+	case "0", "false", "FALSE", "False":
+		return false, true
+	}
+
+	// Not a valid bool value
+	return
+}