implement TLS options for SQLx databases

rwf2 · Aug 26, 2023 · 2ee96ce · 2ee96ce
1 parent 26a3f00
commit 2ee96ce
Show file tree

Hide file tree

Showing 4 changed files with 53 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -31,3 +31,6 @@ scripts/redirect.html
 
 # Uploads in pastebin example.
 examples/pastebin/upload/*
+
+# Editor/IDE configurations
+.vscode/
diff --git a/contrib/db_pools/lib/Cargo.toml b/contrib/db_pools/lib/Cargo.toml
@@ -22,6 +22,8 @@ sqlx_mysql = ["sqlx", "sqlx/mysql"]
 sqlx_postgres = ["sqlx", "sqlx/postgres"]
 sqlx_sqlite = ["sqlx", "sqlx/sqlite"]
 sqlx_macros = ["sqlx/macros"]
+sqlx_native_tls = ["sqlx/tls-native-tls"]
+sqlx_rustls = ["sqlx/tls-rustls"]
 # diesel features
 diesel_postgres = ["diesel-async/postgres", "diesel-async/deadpool", "diesel", "deadpool"]
 diesel_mysql = ["diesel-async/mysql", "diesel-async/deadpool", "diesel", "deadpool"]

diff --git a/contrib/db_pools/lib/src/config.rs b/contrib/db_pools/lib/src/config.rs
@@ -1,4 +1,5 @@
 use rocket::serde::{Deserialize, Serialize};
+use std::path::PathBuf;
 
 /// Base configuration for all database drivers.
 ///
@@ -36,6 +37,9 @@ use rocket::serde::{Deserialize, Serialize};
 ///             max_connections: 1024,
 ///             connect_timeout: 3,
 ///             idle_timeout: None,
+///             ssl_root_cert: None,
+///             ssl_client_cert: None,
+///             ssl_client_key: None
 ///         }));
 ///
 ///     rocket::custom(figment)
@@ -80,4 +84,17 @@ pub struct Config {
     ///
     /// _Default:_ `None`.
     pub idle_timeout: Option<u64>,
+    /// Sets the name of a file containing SSL certificate authority (CA) certificate(s).
+    /// If the file exists, the server’s certificate will be verified to be signed by one of these authorities.
+    ///
+    /// _Default:_ `None`.
+    pub ssl_root_cert: Option<PathBuf>,
+    /// Sets the name of a file containing SSL client certificate.
+    ///
+    /// _Default:_ `None`.
+    pub ssl_client_cert: Option<PathBuf>,
+    /// Sets the name of a file containing SSL client key.
+    ///
+    /// _Default:_ `None`.
+    pub ssl_client_key: Option<PathBuf>,
 }
diff --git a/contrib/db_pools/lib/src/pool.rs b/contrib/db_pools/lib/src/pool.rs
@@ -240,6 +240,37 @@ mod sqlx {
                 .busy_timeout(Duration::from_secs(__config.connect_timeout))
                 .create_if_missing(true);
         }
+
+        #[cfg(feature = "sqlx_postgres")]
+        if let Some(o) = __options.downcast_mut::<sqlx::postgres::PgConnectOptions>() {
+            if let Some(ref ssl_root_cert) = __config.ssl_root_cert {
+                *o = std::mem::take(o).ssl_root_cert(ssl_root_cert);
+            }
+
+            if let Some(ref ssl_client_cert) = __config.ssl_client_cert {
+                *o = std::mem::take(o).ssl_client_cert(ssl_client_cert);
+            }
+
+            if let Some(ref ssl_client_key) = __config.ssl_client_key {
+                *o = std::mem::take(o).ssl_client_key(ssl_client_key);
+            }
+        }
+
+        #[cfg(feature = "sqlx_mysql")]
+        if let Some(o) = __options.downcast_mut::<sqlx::mysql::MySqlConnectOptions>() {
+            if let Some(ref ssl_root_cert) = __config.ssl_root_cert {
+                *o = std::mem::take(o).ssl_ca(ssl_root_cert);
+            }
+
+            if let Some(ref ssl_client_cert) = __config.ssl_client_cert {
+                *o = std::mem::take(o).ssl_client_cert(ssl_client_cert);
+            }
+
+            if let Some(ref ssl_client_key) = __config.ssl_client_key {
+                *o = std::mem::take(o).ssl_client_key(ssl_client_key);
+            }
+        }
+
     }
 
     #[rocket::async_trait]