Minor fixes to MySQL SSL support

trojan-gfw · Mar 22, 2020 · 0b92c6c · 0b92c6c
1 parent fadbfba
commit 0b92c6c
Show file tree

Hide file tree

Showing 7 changed files with 8 additions and 15 deletions.
diff --git a/docs/authenticator.md b/docs/authenticator.md
@@ -1,6 +1,6 @@
 # Authenticator
 
-Trojan servers can authenticate users according to not only passwords in the config file but also entries in a MySQL (MariaDB) database. To turn this functionality on, set `enabled` field in the MySQL config to `true` and correctly configure the server address, credentials, and etc. If you would like to connect to the database securely, you can to fill the `cafile` and/or the `tls_version` field (refer to [MySQL Documentation](https://dev.mysql.com/doc/refman/8.0/en/encrypted-connection-protocols-ciphers.html)):
+Trojan servers can authenticate users according to not only passwords in the config file but also entries in a MySQL (MariaDB) database. To turn this functionality on, set `enabled` field in the MySQL config to `true` and correctly configure the server address, credentials, and etc. If you would like to connect to the database securely, you can to fill the `cafile` field indicating the CA file:
 
 ```json
 "mysql": {
@@ -10,8 +10,7 @@ Trojan servers can authenticate users according to not only passwords in the con
     "database": "trojan",
     "username": "trojan",
     "password": "",
-    "cafile": "",
-    "tls_version": ""
+    "cafile": ""
 }
 ```
 

diff --git a/docs/config.md b/docs/config.md
@@ -196,8 +196,7 @@ The NAT config is for transparent proxy. You'll need to [setup iptables rules](h
         "database": "trojan",
         "username": "trojan",
         "password": "",
-        "cafile": "",
-        "tls_version": ""
+        "cafile": ""
     }
 }
 ```

diff --git a/examples/server.json-example b/examples/server.json-example
@@ -40,8 +40,7 @@
         "server_port": 3306,
         "database": "trojan",
         "username": "trojan",
-        "password": ""，
-        "cafile": "",
-        "tls_version": ""
+        "password": "",
+        "cafile": ""
     }
 }
diff --git a/src/core/authenticator.cpp b/src/core/authenticator.cpp
@@ -28,10 +28,7 @@ Authenticator::Authenticator(const Config &config) {
     mysql_init(&con);
     Log::log_with_date_time("connecting to MySQL server " + config.mysql.server_addr + ':' + to_string(config.mysql.server_port), Log::INFO);
     if (config.mysql.cafile != "") {
-        mysql_options(&con, MYSQL_OPT_SSL_CA, config.mysql.cafile.c_str());
-    }
-    if (config.mysql.tls_version != "") {
-        mysql_optionsv(&con, MARIADB_OPT_TLS_VERSION, config.mysql.tls_version.c_str());
+        mysql_ssl_set(&con, NULL, NULL, config.mysql.cafile.c_str(), NULL, NULL);
     }
     if (mysql_real_connect(&con, config.mysql.server_addr.c_str(),
                                  config.mysql.username.c_str(),

diff --git a/src/core/config.cpp b/src/core/config.cpp
@@ -99,7 +99,6 @@ void Config::populate(const ptree &tree) {
     mysql.username = tree.get("mysql.username", string("trojan"));
     mysql.password = tree.get("mysql.password", string());
     mysql.cafile = tree.get("mysql.cafile", string());
-    mysql.tls_version = tree.get("mysql.tls_version", string());
 }
 
 bool Config::sip003() {

diff --git a/src/core/config.h b/src/core/config.h
@@ -79,7 +79,6 @@ class Config {
         std::string username;
         std::string password;
         std::string cafile;
-        std::string tls_version;
     } mysql;
     void load(const std::string &filename);
     void populate(const std::string &JSON);

diff --git a/tests/LinuxSmokeTest/server.json b/tests/LinuxSmokeTest/server.json
@@ -35,6 +35,7 @@
         "server_port": 0,
         "database": "",
         "username": "",
-        "password": ""
+        "password": "",
+        "cafile": ""
     }
 }