Add mysql secure connection function (closes #277)

docs/authenticator.md

@@ -1,6 +1,6 @@
 # Authenticator
 
-Trojan servers can authenticate users according to not only passwords in the config file but also entries in a MySQL (MariaDB) database. To turn this functionality on, set `enabled` field in the MySQL config to `true` and correctly configure the server address and credentials, etc:
+Trojan servers can authenticate users according to not only passwords in the config file but also entries in a MySQL (MariaDB) database. To turn this functionality on, set `enabled` field in the MySQL config to `true` and correctly configure the server address, credentials, and etc. If you would like to connect to the database securely, you can to fill the `cafile` field indicating the CA file:
 
 ```json
 "mysql": {
@@ -9,7 +9,8 @@ Trojan servers can authenticate users according to not only passwords in the con
     "server_port": 3306,
     "database": "trojan",
     "username": "trojan",
-    "password": ""
+    "password": "",
+    "cafile": ""
 }
 ```
 

docs/config.md

@@ -195,7 +195,8 @@ The NAT config is for transparent proxy. You'll need to [setup iptables rules](h
         "server_port": 3306,
         "database": "trojan",
         "username": "trojan",
-        "password": ""
+        "password": "",
+        "cafile": ""
     }
 }
 ```

examples/server.json-example

@@ -40,6 +40,7 @@
         "server_port": 3306,
         "database": "trojan",
         "username": "trojan",
-        "password": ""
+        "password": "",
+        "cafile": ""
     }
 }

src/core/authenticator.cpp

@@ -27,6 +27,9 @@ using namespace std;
 Authenticator::Authenticator(const Config &config) {
     mysql_init(&con);
     Log::log_with_date_time("connecting to MySQL server " + config.mysql.server_addr + ':' + to_string(config.mysql.server_port), Log::INFO);
+    if (config.mysql.cafile != "") {
+        mysql_ssl_set(&con, NULL, NULL, config.mysql.cafile.c_str(), NULL, NULL);
+    }
     if (mysql_real_connect(&con, config.mysql.server_addr.c_str(),
                                  config.mysql.username.c_str(),
                                  config.mysql.password.c_str(),

src/core/config.cpp

@@ -98,6 +98,7 @@ void Config::populate(const ptree &tree) {
     mysql.database = tree.get("mysql.database", string("trojan"));
     mysql.username = tree.get("mysql.username", string("trojan"));
     mysql.password = tree.get("mysql.password", string());
+    mysql.cafile = tree.get("mysql.cafile", string());
 }
 
 bool Config::sip003() {

src/core/config.h

@@ -78,6 +78,7 @@ class Config {
         std::string database;
         std::string username;
         std::string password;
+        std::string cafile;
     } mysql;
     void load(const std::string &filename);
     void populate(const std::string &JSON);

tests/LinuxSmokeTest/server.json

@@ -35,6 +35,7 @@
         "server_port": 0,
         "database": "",
         "username": "",
-        "password": ""
+        "password": "",
+        "cafile": ""
     }
 }