database parameters are "cert-file", "key-file",
"trust-anchor" and "cipher-list". The negotiated cipher
name is logged so the MySQL service configuration can
- be checked... PostgreSQL accepts the same parameters
- but they only trigger on a call to the OpenSSL generic
+ be checked. PostgreSQL accepts the same parameters
+ but they only trigger the call to the OpenSSL generic
initialization in the Pq C-API.
(Gitlab #34)
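Review bot: The reworded PostgreSQL sentence ("they only trigger the call to the OpenSSL generic initialization in the Pq C-API") still leaves the reader to infer what happens to cert-file, key-file, trust-anchor and cipher-list on a PostgreSQL connection. An operator can read "accepts the same parameters" as "TLS is configured", so if the values are not applied to the connection itself, say so directly in this entry. Also state whether the negotiated cipher is logged for PostgreSQL as it is for MySQL.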
section in the <a href="https://kea.readthedocs.io/">Kea Administrator
Reference Manual</a>).
- @subsection mysqlUnitTestsILS MySQL Database with SSL/TLS
+ @subsection mysqlUnitTestsTLS MySQL Database with SSL/TLS
Usually MySQL is compiled with SSL/TLS support using OpenSSL.
This is easy to verify using the:
"cert-file": "my-cert",
// Private key file name.
- "key-file": "my key",
+ "key-file": "my-key",
- // Cipher list (see the OpenSSL ciohers command manual).
+ // Cipher list (see the OpenSSL ciphers command manual).
"cipher-list": "AES"
},
{
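Review bot: The example value "cipher-list": "AES" beside the corrected comment is a broad OpenSSL class selector (every suite using AES), not a single cipher, and the comment only points at the ciphers manual. Consider having the comment say that the string is an OpenSSL cipher list expression and that the negotiated cipher name appears in the log, so readers copying the example know how to check what was actually selected.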
"cert-file": "my-cert",
// Private key file name.
- "key-file": "my key",
+ "key-file": "my-key",
- // Cipher list (see the OpenSSL ciohers command manual).
+ // Cipher list (see the OpenSSL ciphers command manual).
"cipher-list": "AES"
},
{
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Usually the PostgreSQL database client library is built with the OpenSSL
-support but in the case it was not Kea can be configured to handle this
-case:
+support but Kea can be configured to handle the case where it is not
+supported:
.. code-block:: console
- $ ./configure [other-options] --disable-pgsql-ssl
+ $ ./configure [other-options] --disable-pgsql-ssl
.. _cql-database:
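Review bot: The new wording around --disable-pgsql-ssl ("Kea can be configured to handle the case where it is not supported") does not tell the reader what happens at run time when TLS parameters are present in the configuration of such a build. The messages file in this same change documents DHCPSRV_PGSQL_NO_TLS_SUPPORT for exactly that situation; a one-sentence cross-reference here would make the consequence of the configure switch explicit.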
- MySQL supports the whole set, additional configuration must be done
in the MySQL local setup, for instance certificate revocation list,
- choice of a specific TLS version, mutual authentication, ...
+ choice of a specific TLS version, mutual authentication, etc.
When a TLS connection was required but the actual connection is in
clear text an error log is emitted.
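Review bot: The unchanged closing sentence, "When a TLS connection was required but the actual connection is in clear text an error log is emitted", does not say whether the connection is then refused or continues unencrypted. That is the detail an operator needs, so please state the behaviour explicitly while this paragraph is being edited. The first bullet is also still a comma splice ("supports the whole set, additional configuration must be done") and would read better as two sentences.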
string connectionString(const char* type, const char* name, const char* host,
const char* user, const char* password,
- const char* timeout, const char* readonly_db,
- const char* cert_file, const char* key_file,
- const char* trust_anchor, const char* cipher) {
+ const char* timeout, const char* readonly_db,
+ const char* cert_file, const char* key_file,
+ const char* trust_anchor, const char* cipher) {
const string space = " ";
string result = "";
return (true);
}
-};
-};
-};
+}
+}
+}
const char* host = 0, const char* user = 0,
const char* password = 0, const char* timeout = 0,
const char* readonly_db = 0,
- const char* cert_file = 0,
- const char* key_file = 0,
- const char* trust_anchor = 0,
- const char* cipher = 0);
+ const char* cert_file = 0,
+ const char* key_file = 0,
+ const char* trust_anchor = 0,
+ const char* cipher = 0);
/// @brief Determines if wiping only the data between tests is enabled
///
/// defined as "true" or if it is not present.
bool softWipeEnabled();
-};
-};
-};
+}
+}
+}
#endif
if HAVE_MYSQL
run_benchmarks_LDADD += $(top_builddir)/src/lib/mysql/testutils/libmysqltest.la
+run_benchmarks_LDADD += $(top_builddir)/src/lib/mysql/libkea-mysql.la
endif
if HAVE_PGSQL
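Review bot: Only the HAVE_MYSQL block gains a library on run_benchmarks_LDADD; the HAVE_PGSQL block that follows is not shown as changed. If the PostgreSQL test utilities picked up an equivalent dependency in this work, the benchmark will fail to link in a PostgreSQL-only build, so it is worth confirming that configuration builds. The placement after libmysqltest.la is the right order for a library the test utilities depend on.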
% DHCPSRV_PGSQL_NO_TLS_SUPPORT Attempt to configure TLS (unsupported for PostgreSQL): %1
This error message is printed when TLS support was required in the Kea
-configuration: Kea was built with this feature was disabled for PostgreSQL.
+configuration: Kea was built with this feature disabled for PostgreSQL.
The parameters of the connection are logged.
% DHCPSRV_PGSQL_ROLLBACK rolling back PostgreSQL database
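Review bot: The description of DHCPSRV_PGSQL_NO_TLS_SUPPORT ends with "The parameters of the connection are logged", and the connection strings built elsewhere in this patch include a password. Please confirm that the %1 argument is the redacted form of the parameters, and say so in the message description so the guarantee is documented.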
return (tls_);
}
- /// @brief Get the TLS cipher
+ /// @brief Get the TLS cipher.
///
/// This method is used to check if required TLS was setup.
std::string getTlsCipher() {
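Review bot: While the @brief line gets its full stop, the next comment line still reads "check if required TLS was setup"; the verb form is "set up". The comment could also state what getTlsCipher() returns when the connection is not using TLS, since callers rely on it to detect that case.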
EXPECT_EQ(MYSQL_SCHEMA_VERSION_MINOR, version.second);
}
-/// @brief Test fixture class for secure connection.
+/// @brief Test fixture class for secure connection.
class MySqlSecureConnectionTest : public ::testing::Test {
public:
bool hasMySQLTls() {
std::string tls = getMySQLTlsEnv();
if (tls.empty()) {
- tls = getMySQLTlsEnv();
+ tls = getMySQLTlsServer();
}
return (tls == "YES");
}
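Review bot: In hasMySQLTls() the corrected fallback, tls = getMySQLTlsServer();, is called unguarded, while the other call site in this patch wraps the same function in try/catch for isc::Exception. If the server query can throw, this predicate will propagate the exception instead of returning false, which turns "TLS not available, skip" into a test error. Consider catching the exception here and treating a failure as no TLS support.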
try {
std::cout << "getMySQLTlsServer returns '" << getMySQLTlsServer() << "'\n";
} catch (const isc::Exception& ex) {
- std::cerr << "getMySQLTlsServer fails with " << ex.what() << "\n";
+ std::cerr << "getMySQLTlsServer fails with " << ex.what() << "\n";
}
}
/// @brief Function invoked to process fetched row.
typedef std::function<void(PgSqlResult&, int)> ConsumeResultRowFun;
- /// @brief Emit once the TLS support warning.
+ /// @brief Emit the TLS support warning only once.
static bool warned_about_tls;
/// @brief Constructor
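Review bot: warned_about_tls is a plain static bool used as a warn-once flag. If connections can be created from more than one thread, the check and set race, and the warning can be emitted more than once; std::atomic<bool> with exchange(), or std::call_once, would make the "only once" in the new comment hold. If connection setup is always single-threaded, a note to that effect in the comment is enough.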
/// @brief Is a directory predicate.
///
/// @param name The file or directory name.
-/// @return True if the name points to a directory, false if not including
+/// @return True if the name points to a directory, false otherwise including
/// if the pointed location does not exist.
bool isDir(const std::string& name);
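Review bot: The new @return text, "false otherwise including if the pointed location does not exist", needs a comma after "otherwise" to parse cleanly. Something like "True if the name points to a directory, false otherwise, including when the location does not exist" reads unambiguously.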