From 3202796e3dda03ec48c70f8702354d69e95ce873 Mon Sep 17 00:00:00 2001 From: wyhaya Date: Mon, 24 Jul 2023 15:16:29 +0800 Subject: [PATCH 1/5] Support for setting client certificate and key from bytes --- sqlx-mysql/src/options/mod.rs | 30 ++++++++++++++++++++++++++++++ sqlx-postgres/src/options/mod.rs | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+) diff --git a/sqlx-mysql/src/options/mod.rs b/sqlx-mysql/src/options/mod.rs index 851237cc02..573e403ce1 100644 --- a/sqlx-mysql/src/options/mod.rs +++ b/sqlx-mysql/src/options/mod.rs @@ -213,6 +213,21 @@ impl MySqlConnectOptions { self } + /// Sets the SSL client certificate from a byte slice. + /// + /// # Example + /// + /// ```rust + /// # use sqlx_core::mysql::{MySqlSslMode, MySqlConnectOptions}; + /// let options = MySqlConnectOptions::new() + /// .ssl_mode(MySqlSslMode::VerifyCa) + /// .ssl_client_cert_from_bytes(vec![]); + /// ``` + pub fn ssl_client_cert_from_bytes(mut self, cert: impl AsRef<[u8]>) -> Self { + self.ssl_client_cert = Some(CertificateInput::Inline(cert.as_ref().to_vec())); + self + } + /// Sets the name of a file containing SSL client key. /// /// # Example @@ -228,6 +243,21 @@ impl MySqlConnectOptions { self } + /// Sets the SSL client key from a byte slice. + /// + /// # Example + /// + /// ```rust + /// # use sqlx_core::mysql::{MySqlSslMode, MySqlConnectOptions}; + /// let options = MySqlConnectOptions::new() + /// .ssl_mode(MySqlSslMode::VerifyCa) + /// .ssl_client_key_from_bytes(vec![]); + /// ``` + pub fn ssl_client_key_from_bytes(mut self, key: impl AsRef<[u8]>) -> Self { + self.ssl_client_key = Some(CertificateInput::Inline(key.as_ref().to_vec())); + self + } + /// Sets the capacity of the connection's statement cache in a number of stored /// distinct statements. Caching is handled using LRU, meaning when the /// amount of queries hits the defined limit, the oldest statement will get 
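Review bot: `ssl_client_key_from_bytes` stores the private key with `key.as_ref().to_vec()` inside `CertificateInput::Inline`, so the options value owns a plaintext copy of the secret for as long as it, or any clone of it, lives, and the doc comment does not say so. Whether `CertificateInput` or `MySqlConnectOptions` expose those bytes through `Debug` or `Display` is not visible in this hunk and is worth checking before inline keys are accepted, because a formatted options value would then carry the key into logs. I would add a doc line such as `/// The key is copied into the options and held in memory unencrypted; do not print or log the options value.` The same applies to the matching setter this patch adds to `PgConnectOptions`.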
diff --git a/sqlx-postgres/src/options/mod.rs b/sqlx-postgres/src/options/mod.rs index bd22f84f07..3580a6a892 100644 --- a/sqlx-postgres/src/options/mod.rs +++ b/sqlx-postgres/src/options/mod.rs @@ -344,6 +344,22 @@ impl PgConnectOptions { self } + /// Sets the SSL client certificate from a byte slice. + /// + /// # Example + /// + /// ```rust + /// # use sqlx_core::postgres::{PgSslMode, PgConnectOptions}; + /// let options = PgConnectOptions::new() + /// // Providing a CA certificate with less than VerifyCa is pointless + /// .ssl_mode(PgSslMode::VerifyCa) + /// .ssl_client_cert_from_bytes(vec![]); + /// ``` + pub fn ssl_client_cert_from_bytes(mut self, cert: impl AsRef<[u8]>) -> Self { + self.ssl_client_cert = Some(CertificateInput::Inline(cert.as_ref().to_vec())); + self + } + /// Sets the name of a file containing SSL client key. /// /// # Example @@ -360,6 +376,22 @@ impl PgConnectOptions { self } + /// Sets the SSL client key from a byte slice. + /// + /// # Example + /// + /// ```rust + /// # use sqlx_core::postgres::{PgSslMode, PgConnectOptions}; + /// let options = PgConnectOptions::new() + /// // Providing a CA certificate with less than VerifyCa is pointless + /// .ssl_mode(PgSslMode::VerifyCa) + /// .ssl_client_key_from_bytes(vec![]); + /// ``` + pub fn ssl_client_key_from_bytes(mut self, key: impl AsRef<[u8]>) -> Self { + self.ssl_client_key = Some(CertificateInput::Inline(key.as_ref().to_vec())); + self + } + /// Sets PEM encoded trusted SSL Certificate Authorities (CA). /// /// # Example From 684818091924c25f3cad92e4ddbb252c2c0826c3 Mon Sep 17 00:00:00 2001 From: wyhaya Date: Tue, 1 Aug 2023 11:37:43 +0800 Subject: [PATCH 2/5] Rename ssh_client_*_from_bytes to ssl_client_*_from_pem --- sqlx-mysql/src/options/mod.rs | 8 ++++---- sqlx-postgres/src/options/mod.rs | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/sqlx-mysql/src/options/mod.rs b/sqlx-mysql/src/options/mod.rs index 573e403ce1..659f98c436 100644 
--- a/sqlx-mysql/src/options/mod.rs +++ b/sqlx-mysql/src/options/mod.rs @@ -221,9 +221,9 @@ impl MySqlConnectOptions { /// # use sqlx_core::mysql::{MySqlSslMode, MySqlConnectOptions}; /// let options = MySqlConnectOptions::new() /// .ssl_mode(MySqlSslMode::VerifyCa) - /// .ssl_client_cert_from_bytes(vec![]); + /// .ssl_client_cert_from_pem(vec![]); /// ``` - pub fn ssl_client_cert_from_bytes(mut self, cert: impl AsRef<[u8]>) -> Self { + pub fn ssl_client_cert_from_pem(mut self, cert: impl AsRef<[u8]>) -> Self { self.ssl_client_cert = Some(CertificateInput::Inline(cert.as_ref().to_vec())); self } @@ -251,9 +251,9 @@ impl MySqlConnectOptions { /// # use sqlx_core::mysql::{MySqlSslMode, MySqlConnectOptions}; /// let options = MySqlConnectOptions::new() /// .ssl_mode(MySqlSslMode::VerifyCa) - /// .ssl_client_key_from_bytes(vec![]); + /// .ssl_client_key_from_pem(vec![]); /// ``` - pub fn ssl_client_key_from_bytes(mut self, key: impl AsRef<[u8]>) -> Self { + pub fn ssl_client_key_from_pem(mut self, key: impl AsRef<[u8]>) -> Self { self.ssl_client_key = Some(CertificateInput::Inline(key.as_ref().to_vec())); self } diff --git a/sqlx-postgres/src/options/mod.rs b/sqlx-postgres/src/options/mod.rs index 3580a6a892..ddd2584a82 100644 --- a/sqlx-postgres/src/options/mod.rs +++ b/sqlx-postgres/src/options/mod.rs @@ -353,9 +353,9 @@ impl PgConnectOptions { /// let options = PgConnectOptions::new() /// // Providing a CA certificate with less than VerifyCa is pointless /// .ssl_mode(PgSslMode::VerifyCa) - /// .ssl_client_cert_from_bytes(vec![]); + /// .ssl_client_cert_from_pem(vec![]); /// ``` - pub fn ssl_client_cert_from_bytes(mut self, cert: impl AsRef<[u8]>) -> Self { + pub fn ssl_client_cert_from_pem(mut self, cert: impl AsRef<[u8]>) -> Self { self.ssl_client_cert = Some(CertificateInput::Inline(cert.as_ref().to_vec())); self } 
@@ -385,9 +385,9 @@ impl PgConnectOptions { /// let options = PgConnectOptions::new() /// // Providing a CA certificate with less than VerifyCa is pointless /// .ssl_mode(PgSslMode::VerifyCa) - /// .ssl_client_key_from_bytes(vec![]); + /// .ssl_client_key_from_pem(vec![]); /// ``` - pub fn ssl_client_key_from_bytes(mut self, key: impl AsRef<[u8]>) -> Self { + pub fn ssl_client_key_from_pem(mut self, key: impl AsRef<[u8]>) -> Self { self.ssl_client_key = Some(CertificateInput::Inline(key.as_ref().to_vec())); self } From bbb8701ba08acfe856f6f8d05bc496621fe838ba Mon Sep 17 00:00:00 2001 From: Austin Bonander Date: Mon, 25 Sep 2023 17:46:31 -0700 Subject: [PATCH 3/5] doc: clarify client_*_from_pem docs and add examples --- sqlx-mysql/src/options/mod.rs | 28 ++++++++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/sqlx-mysql/src/options/mod.rs b/sqlx-mysql/src/options/mod.rs index 659f98c436..4488434e5d 100644 --- a/sqlx-mysql/src/options/mod.rs +++ b/sqlx-mysql/src/options/mod.rs @@ -213,15 +213,25 @@ impl MySqlConnectOptions { self } - /// Sets the SSL client certificate from a byte slice. + /// Sets the SSL client certificate as a PEM-encoded byte slice. + /// + /// This should be an ASCII-encoded blob that starts with `-----BEGIN CERTIFICATE-----`. /// /// # Example + /// Note: embedding SSL certificates and keys in the binary is not advised. + /// This is for illustration purposes only. /// /// ```rust /// # use sqlx_core::mysql::{MySqlSslMode, MySqlConnectOptions}; + /// + /// const CERT: &[u8] = b"\ + /// -----BEGIN CERTIFICATE----- + /// + /// -----END CERTIFICATE-----"; + /// /// let options = MySqlConnectOptions::new() /// .ssl_mode(MySqlSslMode::VerifyCa) - /// .ssl_client_cert_from_pem(vec![]); + /// .ssl_client_cert_from_pem(CERT); /// ``` pub fn ssl_client_cert_from_pem(mut self, cert: impl AsRef<[u8]>) -> Self { self.ssl_client_cert = Some(CertificateInput::Inline(cert.as_ref().to_vec())); 
@@ -243,15 +253,25 @@ impl MySqlConnectOptions { self } - /// Sets the SSL client key from a byte slice. + /// Sets the SSL client key as a PEM-encoded byte slice. + /// + /// This should be an ASCII-encoded blob that starts with `-----BEGIN PRIVATE KEY-----`. /// /// # Example + /// Note: embedding SSL certificates and keys in the binary is not advised. + /// This is for illustration purposes only. /// /// ```rust /// # use sqlx_core::mysql::{MySqlSslMode, MySqlConnectOptions}; + /// + /// const KEY: &[u8] = b"\ + /// -----BEGIN PRIVATE KEY----- + /// + /// -----END PRIVATE KEY-----"; + /// /// let options = MySqlConnectOptions::new() /// .ssl_mode(MySqlSslMode::VerifyCa) - /// .ssl_client_key_from_pem(vec![]); + /// .ssl_client_key_from_pem(KEY); /// ``` pub fn ssl_client_key_from_pem(mut self, key: impl AsRef<[u8]>) -> Self { self.ssl_client_key = Some(CertificateInput::Inline(key.as_ref().to_vec())); From a859ffa13edcc86d4c17ab73570f23a5c015d13e Mon Sep 17 00:00:00 2001 From: Austin Bonander Date: Mon, 25 Sep 2023 17:47:35 -0700 Subject: [PATCH 4/5] doc: apply missed suggestions from previous commit --- sqlx-postgres/src/options/mod.rs | 28 ++++++++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/sqlx-postgres/src/options/mod.rs b/sqlx-postgres/src/options/mod.rs index ddd2584a82..c719c2bf82 100644 --- a/sqlx-postgres/src/options/mod.rs +++ b/sqlx-postgres/src/options/mod.rs 
@@ -344,16 +344,26 @@ impl PgConnectOptions { self } - /// Sets the SSL client certificate from a byte slice. + /// Sets the SSL client certificate as a PEM-encoded byte slice. + /// + /// This should be an ASCII-encoded blob that starts with `-----BEGIN CERTIFICATE-----`. /// /// # Example + /// Note: embedding SSL certificates and keys in the binary is not advised. + /// This is for illustration purposes only. /// /// ```rust /// # use sqlx_core::postgres::{PgSslMode, PgConnectOptions}; + /// + /// const CERT: &[u8] = b"\ + /// -----BEGIN CERTIFICATE----- + /// + /// -----END CERTIFICATE-----"; + /// /// let options = PgConnectOptions::new() /// // Providing a CA certificate with less than VerifyCa is pointless /// .ssl_mode(PgSslMode::VerifyCa) - /// .ssl_client_cert_from_pem(vec![]); + /// .ssl_client_cert_from_pem(CERT); /// ``` pub fn ssl_client_cert_from_pem(mut self, cert: impl AsRef<[u8]>) -> Self { self.ssl_client_cert = Some(CertificateInput::Inline(cert.as_ref().to_vec())); @@ -376,16 +386,26 @@ impl PgConnectOptions { self } - /// Sets the SSL client key from a byte slice. + /// Sets the SSL client key as a PEM-encoded byte slice. + /// + /// This should be an ASCII-encoded blob that starts with `-----BEGIN PRIVATE KEY-----`. /// /// # Example + /// Note: embedding SSL certificates and keys in the binary is not advised. + /// This is for illustration purposes only. /// /// ```rust /// # use sqlx_core::postgres::{PgSslMode, PgConnectOptions}; + /// + /// const KEY: &[u8] = b"\ + /// -----BEGIN PRIVATE KEY----- + /// + /// -----END PRIVATE KEY-----"; + /// /// let options = PgConnectOptions::new() /// // Providing a CA certificate with less than VerifyCa is pointless /// .ssl_mode(PgSslMode::VerifyCa) - /// .ssl_client_key_from_pem(vec![]); + /// .ssl_client_key_from_pem(KEY); /// ``` pub fn ssl_client_key_from_pem(mut self, key: impl AsRef<[u8]>) -> Self { self.ssl_client_key = Some(CertificateInput::Inline(key.as_ref().to_vec())); 
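Review bot: The rewritten example for `ssl_client_cert_from_pem` still carries the comment `// Providing a CA certificate with less than VerifyCa is pointless`, which reads as if the client certificate were a CA certificate. The comment appears to be carried over from the root-certificate example and has been in these examples since the first patch of the series. I would drop it, or replace it with `// VerifyCa validates the server's chain; the client certificate is what the server validates`. The `ssl_client_key_from_pem` example in the next hunk has the same comment.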
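Review bot: The new doc line for `ssl_client_key_from_pem` says the blob starts with -----BEGIN PRIVATE KEY-----, which names only the PKCS#8 label. A reader holding a key under a `-----BEGIN RSA PRIVATE KEY-----` or `-----BEGIN EC PRIVATE KEY-----` header cannot tell whether it is accepted, nor whether encrypted keys are. Which labels parse depends on the TLS backend, which is not visible in this hunk, so the doc should list the accepted formats explicitly. The setter only stores the bytes (`Some(CertificateInput::Inline(key.as_ref().to_vec()))`), so a wrong format presumably surfaces only at connect time; a sentence such as `/// The key is not parsed here; an unsupported or malformed key is reported when connecting.` would make that clear once confirmed. The MySQL key setter documented in the previous patch uses the same wording.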
From fe51e1c8a151470c4855a31db0a73228bb0d2dc2 Mon Sep 17 00:00:00 2001 From: Austin Bonander Date: Mon, 25 Sep 2023 17:53:56 -0700 Subject: [PATCH 5/5] fix: run `cargo fmt` --- sqlx-mysql/src/options/mod.rs | 8 ++++---- sqlx-postgres/src/options/mod.rs | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/sqlx-mysql/src/options/mod.rs b/sqlx-mysql/src/options/mod.rs index 4488434e5d..16c3f18868 100644 --- a/sqlx-mysql/src/options/mod.rs +++ b/sqlx-mysql/src/options/mod.rs @@ -219,12 +219,12 @@ impl MySqlConnectOptions { /// /// # Example /// Note: embedding SSL certificates and keys in the binary is not advised. - /// This is for illustration purposes only. + /// This is for illustration purposes only. /// /// ```rust /// # use sqlx_core::mysql::{MySqlSslMode, MySqlConnectOptions}; /// - /// const CERT: &[u8] = b"\ + /// const CERT: &[u8] = b"\ /// -----BEGIN CERTIFICATE----- /// /// -----END CERTIFICATE-----"; @@ -259,12 +259,12 @@ impl MySqlConnectOptions { /// /// # Example /// Note: embedding SSL certificates and keys in the binary is not advised. - /// This is for illustration purposes only. + /// This is for illustration purposes only. /// /// ```rust /// # use sqlx_core::mysql::{MySqlSslMode, MySqlConnectOptions}; /// - /// const KEY: &[u8] = b"\ + /// const KEY: &[u8] = b"\ /// -----BEGIN PRIVATE KEY----- /// /// -----END PRIVATE KEY-----"; diff --git a/sqlx-postgres/src/options/mod.rs b/sqlx-postgres/src/options/mod.rs index c719c2bf82..c7ac4fe193 100644 --- a/sqlx-postgres/src/options/mod.rs +++ b/sqlx-postgres/src/options/mod.rs 
@@ -350,12 +350,12 @@ impl PgConnectOptions { /// /// # Example /// Note: embedding SSL certificates and keys in the binary is not advised. - /// This is for illustration purposes only. + /// This is for illustration purposes only. /// /// ```rust /// # use sqlx_core::postgres::{PgSslMode, PgConnectOptions}; /// - /// const CERT: &[u8] = b"\ + /// const CERT: &[u8] = b"\ /// -----BEGIN CERTIFICATE----- /// /// -----END CERTIFICATE-----"; @@ -392,12 +392,12 @@ impl PgConnectOptions { /// /// # Example /// Note: embedding SSL certificates and keys in the binary is not advised. - /// This is for illustration purposes only. + /// This is for illustration purposes only. /// /// ```rust /// # use sqlx_core::postgres::{PgSslMode, PgConnectOptions}; /// - /// const KEY: &[u8] = b"\ + /// const KEY: &[u8] = b"\ /// -----BEGIN PRIVATE KEY----- /// /// -----END PRIVATE KEY-----";