upgrade Amazon RDS certificates

kneemer · Feb 23, 2015 · 9c0f343 · 9c0f343
1 parent 2559b3a
commit 9c0f343
Show file tree

Hide file tree

Showing 4 changed files with 289 additions and 40 deletions.
diff --git a/fixtures/ssl-profiles.json b/fixtures/ssl-profiles.json
diff --git a/lib/connection.js b/lib/connection.js
@@ -164,45 +164,34 @@ Connection.prototype.writePacket = function(packet) {
 };
 
 Connection.prototype.startTLS = function(onSecure) {
+  if (this.config.debug) {
+    console.log('Upgrading connection to TLS');
+  }
   var connection = this;
   var crypto = require('crypto');
   var tls = require('tls');
   var config = this.config;
   var stream = this.stream;
 
-  // special case for Amazon RDS: use http://s3.amazonaws.com/rds-downloads/mysql-ssl-ca-cert.pem CA cert if ssl option set to "Amazon RDS"
-  if (config.ssl === 'Amazon RDS') {
-    var fs = require('fs');
-    var path = require('path');
-    fs.readFile(path.resolve(__dirname, '../fixtures/mysql-ssl-ca-cert.pem'), function(err, ca) {
-      if (err) throw err;
-      config.ssl = { ca: ca };
-      after();
-    });
-  } else
-    after();
-
-  function after() {
-    var credentials = crypto.createCredentials({
-      key: config.ssl.key,
-      cert: config.ssl.cert,
-      passphrase: config.ssl.passphrase,
-      ca: config.ssl.ca
-    });
-    var securePair = tls.createSecurePair(credentials, false);
-    if (stream.ondata)
-      stream.ondata = null;
-    stream.removeAllListeners('data');
-    stream.pipe(securePair.encrypted);
-    securePair.encrypted.pipe(stream);
-    securePair.cleartext.on('data', function(data) {
-      connection.packetParser.execute(data.parent, data.offset, data.offset + data.length);
-    });
-    connection.write = function(buffer) {
-      securePair.cleartext.write(buffer);
-    };
-    securePair.on('secure', onSecure);
-  }
+  var credentials = crypto.createCredentials({
+    key: config.ssl.key,
+    cert: config.ssl.cert,
+    passphrase: config.ssl.passphrase,
+    ca: config.ssl.ca
+  });
+  var securePair = tls.createSecurePair(credentials, false);
+  if (stream.ondata)
+    stream.ondata = null;
+  stream.removeAllListeners('data');
+  stream.pipe(securePair.encrypted);
+  securePair.encrypted.pipe(stream);
+  securePair.cleartext.on('data', function(data) {
+    connection.packetParser.execute(data);
+  });
+  connection.write = function(buffer) {
+    securePair.cleartext.write(buffer);
+  };
+  securePair.on('secure', onSecure);
 };
 
 // TODO: this does not work if uncompressed packet is split by compressed
@@ -302,7 +291,7 @@ Connection.prototype.handlePacket = function(packet) {
   if (this.config.debug) {
     if (packet) {
       console.log(this._internalId + ' ' + this.connectionId + ' ==> ' + this._command._commandName + '#' + this._command.stateName() + '(' + [packet.sequenceId, packet.type(), packet.length()].join(',') + ')');
-      console.log(' raw: ' + packet.buffer.slice(packet.offset, packet.offset + packet.length).toString('hex'));
+      console.log(' raw: ' + packet.buffer.slice(packet.offset, packet.offset + packet.length()).toString('hex'));
     }
   }
   var done = this._command.execute(packet, this);

diff --git a/lib/connection_config.js b/lib/connection_config.js
@@ -110,7 +110,7 @@ ConnectionConfig.getCharsetNumber = function getCharsetNumber(charset) {
 
 ConnectionConfig.getSSLProfile = function getSSLProfile(name) {
   if (!SSLProfiles) {
-    SSLProfiles = require('./../fixtures/ssl-profiles.json');
+    SSLProfiles = require('./constants/ssl_profiles.js');
   }
 
   var ssl = SSLProfiles[name];