SSL Support

.ci/config.ssl.json

@@ -0,0 +1,7 @@
+{
+    "Data": {
+      "ConnectionString": "server=127.0.0.1;user id=ssltest;password=test;port=3306;database=mysqltest;ssl mode=required;certificate file=.ci/ssl-client.pfx;Use Affected Rows=true",
+      "PasswordlessUser": "no_password",
+      "SupportsJson": true
+    }
+}

.ci/server.cnf

@@ -1,3 +1,6 @@
+# uses a seperate key for the server and clinet
+# this is how things should be run in production
+
 [mysqld]
 ssl-ca=/etc/mysql/conf.d/ssl-ca.pem
 ssl-cert=/etc/mysql/conf.d/ssl-server-cert.pem

.ci/server.debug

@@ -0,0 +1,11 @@
+# uses the same key for the server and client
+# uses a non-ephemeral cipher suite
+# allows for WireShark to decrypt packets given "ssl-client-key.pem"
+# go to "Edit -> Preferences", "Protocols", "SSL", and add RSA key
+# this is for testing, don't do this in production
+
+[mysqld]
+ssl-ca=/etc/mysql/conf.d/ssl-ca.pem
+ssl-cert=/etc/mysql/conf.d/ssl-client-cert.pem
+ssl-key=/etc/mysql/conf.d/ssl-client-key.pem
+ssl-cipher=AES128-SHA

.travis.yml

@@ -8,9 +8,9 @@ before_install:
   - sudo apt-key adv --keyserver apt-mo.trafficmanager.net --recv-keys 417A0893
   - sudo apt-get update
   - sudo apt-get install -y dotnet-dev-1.0.0-preview2-003121
-  - cp tests/SideBySide.New/config.json.example tests/SideBySide.New/config.json
 
 script:
   - dotnet restore
   - dotnet test tests/MySqlConnector.Tests --configuration Release
-  - dotnet test tests/SideBySide.New --configuration Release
+  - echo 'Executing tests with ssl mode=none' && cp tests/SideBySide.New/config.json.example tests/SideBySide.New/config.json && dotnet test tests/SideBySide.New --configuration Release
+  - echo 'Executing tests with ssl mode=required' && cp .ci/config.ssl.json tests/SideBySide.New/config.json && dotnet test tests/SideBySide.New --configuration Release

src/MySqlConnector/MySqlClient/ConnectionPool.cs

@@ -43,7 +43,7 @@ public async Task<MySqlSession> GetSessionAsync(IOBehavior ioBehavior, Cancellat
 				}
 
 				session = new MySqlSession(this, m_generation);
-				await session.ConnectAsync(m_servers, m_port, m_userId, m_password, m_database, ioBehavior, cancellationToken).ConfigureAwait(false);
+				await session.ConnectAsync(m_servers, m_port, m_userId, m_password, m_database, m_sslMode, m_certificateFile, m_certificatePassword, ioBehavior, cancellationToken).ConfigureAwait(false);
 				return session;
 			}
 			catch
@@ -124,8 +124,8 @@ public static ConnectionPool GetPool(MySqlConnectionStringBuilder csb)
 			ConnectionPool pool;
 			if (!s_pools.TryGetValue(key, out pool))
 			{
-				pool = s_pools.GetOrAdd(key, newKey => new ConnectionPool(csb.Server.Split(','), (int) csb.Port, csb.UserID,
-						csb.Password, csb.Database, csb.ConnectionReset, (int)csb.MinimumPoolSize, (int) csb.MaximumPoolSize));
+				pool = s_pools.GetOrAdd(key, newKey => new ConnectionPool(csb.Server.Split(','), (int) csb.Port, csb.UserID, csb.Password, csb.Database,
+					csb.SslMode, csb.CertificateFile, csb.CertificatePassword, csb.ConnectionReset, (int)csb.MinimumPoolSize, (int) csb.MaximumPoolSize));
 			}
 			return pool;
 		}
@@ -138,15 +138,18 @@ public static async Task ClearPoolsAsync(IOBehavior ioBehavior, CancellationToke
 				await pool.ClearAsync(ioBehavior, cancellationToken).ConfigureAwait(false);
 		}
 
-		private ConnectionPool(IEnumerable<string> servers, int port, string userId, string password, string database,
-			bool resetConnections, int minimumSize, int maximumSize)
+		private ConnectionPool(IEnumerable<string> servers, int port, string userId, string password, string database, SslMode sslMode,
+			string certificateFile, string certificatePassword, bool resetConnections, int minimumSize, int maximumSize)
 		{
 			m_servers = servers;
 			m_port = port;
 			m_userId = userId;
 			m_password = password;
 			m_database = database;
 			m_resetConnections = resetConnections;
+			m_sslMode = sslMode;
+			m_certificateFile = certificateFile;
+			m_certificatePassword = certificatePassword;
 			m_minimumSize = minimumSize;
 			m_maximumSize = maximumSize;
 
@@ -166,6 +169,9 @@ private ConnectionPool(IEnumerable<string> servers, int port, string userId, str
 		readonly string m_userId;
 		readonly string m_password;
 		readonly string m_database;
+		readonly SslMode m_sslMode;
+		readonly string m_certificateFile;
+		readonly string m_certificatePassword;
 		readonly bool m_resetConnections;
 		readonly int m_minimumSize;
 		readonly int m_maximumSize;

src/MySqlConnector/MySqlClient/MySqlConnection.cs

@@ -226,8 +226,8 @@ private async Task<MySqlSession> CreateSessionAsync(IOBehavior ioBehavior, Cance
 					else
 					{
 						var session = new MySqlSession();
-						await session.ConnectAsync(m_connectionStringBuilder.Server.Split(','), (int) m_connectionStringBuilder.Port, m_connectionStringBuilder.UserID,
-							m_connectionStringBuilder.Password, m_connectionStringBuilder.Database, ioBehavior, linkedSource.Token).ConfigureAwait(false);
+						await session.ConnectAsync(m_connectionStringBuilder.Server.Split(','), (int) m_connectionStringBuilder.Port, m_connectionStringBuilder.UserID, m_connectionStringBuilder.Password, m_connectionStringBuilder.Database,
+							m_connectionStringBuilder.SslMode, m_connectionStringBuilder.CertificateFile, m_connectionStringBuilder.CertificatePassword, ioBehavior, linkedSource.Token).ConfigureAwait(false);
 						return session;
 					}
 				}

src/MySqlConnector/MySqlClient/MySqlConnectionStringBuilder.cs

@@ -5,6 +5,14 @@
 
 namespace MySql.Data.MySqlClient
 {
+	public enum SslMode
+	{
+		None,
+		Required,
+		VerifyCa,
+		VerifyFull,
+	}
+
 	public sealed class MySqlConnectionStringBuilder : DbConnectionStringBuilder
 	{
 		public MySqlConnectionStringBuilder()
@@ -82,6 +90,24 @@ public bool UseCompression
 			set { MySqlConnectionStringOption.UseCompression.SetValue(this, value); }
 		}
 
+		public SslMode SslMode
+		{
+			get { return MySqlConnectionStringOption.SslMode.GetValue(this); }
+			set { MySqlConnectionStringOption.SslMode.SetValue(this, value); }
+		}
+
+		public string CertificateFile
+		{
+			get { return MySqlConnectionStringOption.CertificateFile.GetValue(this); }
+			set { MySqlConnectionStringOption.CertificateFile.SetValue(this, value); }
+		}
+
+		public string CertificatePassword
+		{
+			get { return MySqlConnectionStringOption.CertificatePassword.GetValue(this); }
+			set { MySqlConnectionStringOption.CertificatePassword.SetValue(this, value); }
+		}
+
 		public bool Pooling
 		{
 			get { return MySqlConnectionStringOption.Pooling.GetValue(this); }
@@ -179,6 +205,9 @@ internal abstract class MySqlConnectionStringOption
 		public static readonly MySqlConnectionStringOption<bool> OldGuids;
 		public static readonly MySqlConnectionStringOption<bool> PersistSecurityInfo;
 		public static readonly MySqlConnectionStringOption<bool> UseCompression;
+		public static readonly MySqlConnectionStringOption<SslMode> SslMode;
+		public static readonly MySqlConnectionStringOption<string> CertificateFile;
+		public static readonly MySqlConnectionStringOption<string> CertificatePassword;
 		public static readonly MySqlConnectionStringOption<bool> Pooling;
 		public static readonly MySqlConnectionStringOption<bool> ConnectionReset;
 		public static readonly MySqlConnectionStringOption<uint> ConnectionTimeout;
@@ -265,6 +294,18 @@ static MySqlConnectionStringOption()
 				keys: new[] { "Compress", "Use Compression", "UseCompression" },
 				defaultValue: false));
 
+			AddOption(CertificateFile = new MySqlConnectionStringOption<string>(
+				keys: new[] { "CertificateFile", "Certificate File" },
+				defaultValue: ""));
+
+			AddOption(CertificatePassword = new MySqlConnectionStringOption<string>(
+				keys: new[] { "CertificatePassword", "Certificate Password" },
+				defaultValue: ""));
+
+			AddOption(SslMode = new MySqlConnectionStringOption<SslMode>(
+				keys: new[] { "SSL Mode", "SslMode" },
+				defaultValue: MySqlClient.SslMode.None));
+
 			AddOption(Pooling = new MySqlConnectionStringOption<bool>(
 				keys: new[] { "Pooling" },
 				defaultValue: true));
@@ -334,6 +375,16 @@ private static T ChangeType(object objectValue)
 					return (T) (object) false;
 			}
 
+			if (typeof(T) == typeof(SslMode) && objectValue is string)
+			{
+				foreach (var val in Enum.GetValues(typeof(T)))
+				{
+					if (string.Equals((string) objectValue, val.ToString(), StringComparison.OrdinalIgnoreCase))
+						return (T) val;
+				}
+				throw new InvalidOperationException("Value '{0}' not supported for option '{1}'.".FormatInvariant(objectValue, typeof(T).Name));
+			}
+
 			return (T) Convert.ChangeType(objectValue, typeof(T), CultureInfo.InvariantCulture);
 		}
 

src/MySqlConnector/Protocol/Serialization/IPacketHandler.cs

@@ -5,6 +5,7 @@ namespace MySql.Data.Protocol.Serialization
 {
 	internal interface IPacketHandler
 	{
+		void SetByteHandler(IByteHandler byteHandler);
 		ValueTask<Packet> ReadPacketAsync(ProtocolErrorBehavior protocolErrorBehavior, IOBehavior ioBehavior);
 		ValueTask<int> WritePacketAsync(Packet packet, IOBehavior ioBehavior);
 	}

src/MySqlConnector/Protocol/Serialization/IPayloadHandler.cs

@@ -6,6 +6,7 @@ namespace MySql.Data.Protocol.Serialization
 {
 	internal interface IPayloadHandler
 	{
+		void SetByteHandler(IByteHandler byteHandler);
 		ValueTask<ArraySegment<byte>> ReadPayloadAsync(IConversation conversation, ProtocolErrorBehavior protocolErrorBehavior, IOBehavior ioBehavior);
 		ValueTask<int> WritePayloadAsync(IConversation conversation, ArraySegment<byte> payload, IOBehavior ioBehavior);
 	}

src/MySqlConnector/Protocol/Serialization/PacketHandler.cs

@@ -8,12 +8,18 @@ namespace MySql.Data.Protocol.Serialization
 {
 	internal sealed class PacketHandler : IPacketHandler
 	{
+
 		public PacketHandler(IByteHandler byteHandler)
 		{
 			m_byteHandler = byteHandler;
 			m_buffer = new byte[16384];
 		}
 
+		public void SetByteHandler(IByteHandler byteHandler)
+		{
+			m_byteHandler = byteHandler;
+		}
+
 		public ValueTask<Packet> ReadPacketAsync(ProtocolErrorBehavior protocolErrorBehavior, IOBehavior ioBehavior)
 		{
 			return ReadBytesAsync(0, m_buffer, 0, 4, ioBehavior)
@@ -73,7 +79,7 @@ private ValueTask<int> ReadBytesAsync(int previousBytesRead, byte[] buffer, int
 				});
 		}
 
-		private readonly IByteHandler m_byteHandler;
+		private IByteHandler m_byteHandler;
 		private readonly byte[] m_buffer;
 	}
 }

src/MySqlConnector/Protocol/Serialization/PayloadHandler.cs

@@ -11,6 +11,11 @@ public PayloadHandler(IPacketHandler packetHandler)
 			m_packetHandler = packetHandler;
 		}
 
+		public void SetByteHandler(IByteHandler byteHandler)
+		{
+			m_packetHandler.SetByteHandler(byteHandler);
+		}
+
 		public ValueTask<ArraySegment<byte>> ReadPayloadAsync(IConversation conversation, ProtocolErrorBehavior protocolErrorBehavior, IOBehavior ioBehavior) =>
 			ReadPayloadAsync(default(ArraySegment<byte>), conversation, protocolErrorBehavior, ioBehavior);
 

src/MySqlConnector/Protocol/Serialization/SslByteHandler.cs

@@ -5,10 +5,8 @@
 
 namespace MySql.Data.Protocol.Serialization
 {
-	internal class SslByteHandler : IByteHandler
+	internal sealed class SslByteHandler : IByteHandler
 	{
-		private readonly SslStream m_sslStream;
-
 		public SslByteHandler(SslStream sslStream)
 		{
 			m_sslStream = sslStream;
@@ -23,7 +21,7 @@ public ValueTask<int> ReadBytesAsync(byte[] buffer, int offset, int count, IOBeh
 
 		public async Task<int> DoReadBytesAsync(byte[] buffer, int offset, int count)
 		{
-			return await m_sslStream.ReadAsync(buffer, offset, count);
+			return await m_sslStream.ReadAsync(buffer, offset, count).ConfigureAwait(false);
 		}
 
 		public ValueTask<int> WriteBytesAsync(ArraySegment<byte> payload, IOBehavior ioBehavior)
@@ -41,9 +39,10 @@ public ValueTask<int> WriteBytesAsync(ArraySegment<byte> payload, IOBehavior ioB
 
 		private async Task<int> DoWriteBytesAsync(ArraySegment<byte> payload)
 		{
-			await m_sslStream.ReadAsync(payload.Array, payload.Offset, payload.Count);
+			await m_sslStream.WriteAsync(payload.Array, payload.Offset, payload.Count).ConfigureAwait(false);
 			return default(int);
 		}
 
+		private readonly SslStream m_sslStream;
 	}
 }

src/MySqlConnector/Serialization/HandshakeResponse41Packet.cs

@@ -6,10 +6,8 @@ namespace MySql.Data.Serialization
 {
 	internal sealed class HandshakeResponse41Packet
 	{
-		public static byte[] Create(InitialHandshakePacket handshake, string userName, string password, string database)
+		internal static PayloadWriter CapabilitiesPayload(string database, ProtocolCapabilities additionalCapabilities=0)
 		{
-			// TODO: verify server capabilities
-
 			var writer = new PayloadWriter();
 
 			writer.WriteInt32((int) (
@@ -21,12 +19,29 @@ public static byte[] Create(InitialHandshakePacket handshake, string userName, s
 				ProtocolCapabilities.MultiStatements |
 				ProtocolCapabilities.MultiResults |
 				ProtocolCapabilities.PreparedStatementMultiResults |
-				(string.IsNullOrWhiteSpace(database) ? 0 : ProtocolCapabilities.ConnectWithDatabase)));
+				(string.IsNullOrWhiteSpace(database) ? 0 : ProtocolCapabilities.ConnectWithDatabase) |
+				additionalCapabilities));
 			writer.WriteInt32(0x40000000);
 			writer.WriteByte((byte) CharacterSet.Utf8Mb4Binary);
 			writer.Write(new byte[23]);
-			writer.WriteNullTerminatedString(userName);
 
+			return writer;
+		}
+
+		public static byte[] InitSsl(string database)
+		{
+			return CapabilitiesPayload(
+				database,
+				ProtocolCapabilities.Ssl
+			).ToBytes();
+		}
+
+		public static byte[] Create(InitialHandshakePacket handshake, string userName, string password, string database)
+		{
+			// TODO: verify server capabilities
+
+			var writer = CapabilitiesPayload(database);
+			writer.WriteNullTerminatedString(userName);
 			var authenticationResponse = AuthenticationUtility.CreateAuthenticationResponse(handshake.AuthPluginData, 0, password);
 			writer.WriteByte((byte) authenticationResponse.Length);
 			writer.Write(authenticationResponse);