[GitHub] [doris] gavinchou commented on a diff in pull request #16340: [feature](mysql) Support secure MySQL connection to FE

Wed, 01 Feb 2023 19:31:16 -0800 


gavinchou commented on code in PR #16340:
URL: https://github.com/apache/doris/pull/16340#discussion_r1093967403


##########
fe/fe-core/src/main/java/org/apache/doris/mysql/MysqlProto.java:
##########
@@ -45,6 +45,7 @@
 // MySQL protocol util
 public class MysqlProto {
     private static final Logger LOG = LogManager.getLogger(MysqlProto.class);
+    public static final boolean USE_SSL = Config.enable_ssl;

Review Comment:
   Redundant, Config.enable_ssl is enough.



##########
fe/fe-core/src/main/java/org/apache/doris/mysql/MysqlCapability.java:
##########
@@ -75,7 +75,14 @@ public String toString() {
     private static final int DEFAULT_FLAGS = 
Flag.CLIENT_PROTOCOL_41.getFlagBit()
             | Flag.CLIENT_CONNECT_WITH_DB.getFlagBit() | 
Flag.CLIENT_SECURE_CONNECTION.getFlagBit()
             | Flag.CLIENT_PLUGIN_AUTH.getFlagBit() | 
Flag.CLIENT_LOCAL_FILES.getFlagBit();
+
+    private static final int SSL_FLAGS = Flag.CLIENT_PROTOCOL_41.getFlagBit()

Review Comment:
   Flag.CLIENT_LOCAL_FILES.getFlagBit() | Config.enable_ssl ? Falg : 1;



##########
fe/fe-core/src/main/java/org/apache/doris/mysql/MysqlProto.java:
##########
@@ -170,8 +171,44 @@ public static boolean negotiate(ConnectContext context) 
throws IOException {
             LOG.debug("Send and flush channel exception, ignore.", e);
             return false;
         }
+
+        // Server receive request packet from client, we need to determine 
which request type it is.
+        ByteBuffer clientRequestPacket = channel.fetchOnePacket();
+        MysqlCapability capability = new 
MysqlCapability(MysqlProto.readLowestInt4(clientRequestPacket));
+
+        // Server receive SSL connection request packet from client.
+        ByteBuffer sslConnectionRequest;
         // Server receive authenticate packet from client.
-        ByteBuffer handshakeResponse = channel.fetchOnePacket();
+        ByteBuffer handshakeResponse;
+
+        if (capability.isSsl()) {
+            // During development, we set SSL mode to true by default
+            if (USE_SSL) {

Review Comment:
   Config.enable_ssl



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to