ssl_external_kms_info 配置项用于记录 OceanBase 数据库 SSL 功能运行依赖的一些信息，通过 json 字符串方式记录不同 SSL 使用方式下依赖的相关配置，json 中至少包含类型 ssl_mode 字段。

使用说明：

• 该配置项的默认值为空字符串。当 SSL 开关打开后，SSL 使用密钥将取值默认路径下的默认文件。

• 该配置项取值必须为有效 json，否则配置项设置会检查失败。

• 该配置项当前仅 ssl_mode 的取值有两种：file 和 bkmi。

  • 指定为 file 时， json 字符串中不需要其他内容。

  • 指定为 bkmi 时，运行时向 bkmi 获取 SSL 文件，本地不持久化存储。同时，json 字符串还需要提供完整的应用名、bkmi url、bkmi 根证书、身份秘钥、身份秘钥口令、SSL 私钥名称、SSL 私钥版本号、SSL 证书名称等。并且这些信息确实有效可用，即能通过这些从 bkmi 中获取私钥和证书，否则会报响应错误码。

为了支持外部其他各自的证书颁发体系，ssl_external_kms_info 还可以定制扩展为其他内容 json 串。

示例如下：

obclient> ALTER SYSTEM SET external_ssl_info = '
{
"ssl_mode":"file"
}';
obclient> ALTER SYSTEM SET external_ssl_info = '
{
"ssl_mode":"bkmi",
"kms_host":"http://bkmi.test.alipay.net/bkmi/api", 
"root_cert": 
"-----BEGIN CERTIFICATE-----
MIIDqTCCApGgAwIBAgIHBXbH+VUEQTANBgkqhkiG9w0BAQsFADBaMSwwKgYDVQQD
DCNBbnQgRmluYW5hY2lhbCBJbnRyYW5ldCBDQSBSb290IFJTQTEXMBUGA1UECgwO
QW50IEZpbmFuYWNpYWwxETAPBgNVBAsMCEludHJhbmV0MB4XDTE4MDkyNjE1MzUz
N1oXDTQ4MDkyNjE1MzUzN1owWjEsMCoGA1UEAwwjQW50IEZpbmFuYWNpYWwgSW50
cmFuZXQgQ0EgUm9vdCBSU0ExFzAVBgNVBAoMDkFudCBGaW5hbmFjaWFsMREwDwYD
VQQLDAhJbnRyYW5ldDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJlz
hgCvUVB7wE4/V4Oj9Gq0Qji5dlIF2AyQ/L6xG/aM2cXmhxm7hhschhb6ERgf5z70
lX5G22XLkH97mkZbX19aCH6xMmvVUaWpKpC1vrW+ZL8nLzWl8UXVONgqa1NvkIz2
qUJNdGVgFXaSlH4EaK9FzklpHj1uo8KJdC6m33z8eoFpLREycbSkxISATseQF1y0
WhpvZ0qB6aRft7OM4B1G0tu1+dlZ3Sh6rrCwR+yCw8vfYR4cUA9e8WFU7YciuTXK
l/1q3LfzU8LCe0Gtv29Ahk8Zb6lG7/XHwHG8diuKvyq4qlTNp/SjCJbuUx6RSBjD
zP1nRacRuKrxI9ybZ8MCAwEAAaN0MHIwHwYDVR0jBBgwFoAUmtzqDGWl1NWKvUAi
yR877VbODwAwHQYDVR0OBBYEFJrc6gxlpdTVir1AIskfO+1Wzg8AMA8GA1UdEwEB
/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA8GA1UdJQQIMAYGBFUdJQAwDQYJKoZI
hvcNAQELBQADggEBAEa4NJ8y4OJLpbCC7SCGrGGTJ+ssbVIJdji21F3dn5yIPQfd
M/PM84y2cy6Tp9cvaDjOtagZ2e1Et5TeGZHiUeqlAjWDtY5lgGvJ80VwpxAUDhKn
LGfSMZo1v1gKKVxgh+iaof2L1UCtep5ETsYKeXLkgWsHYBFzqBlhiAZGuQVzaH7T
I66rtw6gOAmJuWoJlJyhVxg0vCgcl0ExaK3LRhkodzGHIonyaEtRCynpgJ4DmIjH
1I7OVqjdHhdt98U2A8oZVNcuwHLkfyXIC6Iu3GVs5IsQudiQwTW/kIOR+Chvu/lC
b/VmGj0MhvmYYc494vWdcNcfED/HPNshio66aiU=
-----END CERTIFICATE-----
",
"private_key": 
"-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,D1CE2F7C3BD77CB130E563CDECB4AB5E
NyTth6D4/xeeQ59tn7pGDBhxbGaAsQpTowATdRRnK3Xn4M7lFo1khTUgfKL+eKPz
5RRf85LfIl4P8/VCgpEsExnaIR/M5FoP3vYIMy3u9cyowG3ioMaQ1ZA/zFdq8jWb
4H5/GL8Zi7B/nj8dCy7L1gLC5KOpGZLq3wvyxHMl5+X5fbHvb9KJjsW2eFPL9KEI
yKMRpXET7F0JIBNVHKMX+cUvzXLxH1klHRYSzAWfvoW+wXweKveSvn7wFAxoBjsk
UtnQ/tZvdfqOYMyfwfb4yNGaQjvN0pfYKWvGu1mqajpPNVJ96n9onArV40I7/Q2D
51eDFQ8op/0sygZiU1rurTQnvrvZnvgASrqIDdUQBPJaYLQmDIxc7Wo1Qr6cFKMv
kLNCihBNMar5+LsigyTdb+0VlwgcYtVMUlh8O282LqC11NkVJfAAvDYxZq+SFF1a
hm7D0n9DFT4A2eeXerwNXyk2fAaw8KX12TpXWanRaB1NW2cX9XmzjMQuk04xNLVK
DDMHKUDctBBvYHaBAjkUQT2smRH4ETosiQHcI91iuj2DZ6u/T0uUG3N7gHV3KSOX
DWUBtr/Xok9YuBICJ4gE/tIvH4gaqAqSEWb9TeeSCrX5VdQw03tPWUYKcr9M08Zj
LOMFdlmMOhRbmsglZy9/D+HVShp343DoZqKIO1A1aGYrzDV6izwI1K1an1ugOF3X
2czjyeuMtcz2ZFEhuGYekRiTx+ifu2scRnx2vndi9+RESUhh37BeseQgsENIsaw+
5SVJlRgxk8N2hSiA8AWAJ/xpgyhYNL3KjAfh2tfH+jUtrN48kaa4JPeYykpk2kDi
OwQD0VhxjAT0ggyeBDbVNat+0w42i9oxpafBx2pCAbnK+WDnnLbUzgobz296fkO1
H0UUqKBmi28Jntq3ubbg989LRH3VdvOXFvvgI3k2nqKLjzSCZt4MkAH+fo6cFtTf
q2S+geomeYBCGCSF/bgmk1Q/o9e2qPU4XuYcbM0T2ALwW4vYqv9DmORAfXZV/pg4
myt1tgsnsUig5UMNIW/g7Q9hnVFzUjOKRwLff+sGKhXwmNHKpJVGaWNaESJ0YAAe
ESMMOrEW5kiqRqIbZx52NVwb85rb6ozkm8vR4ApLNNqQ/ylAd4H3zA3bByXn3uTx
7tfksErzsD8seL3yvQV5hkbB8PkQIXCTyL+zbp4+bNk8v3zj9/7BRqpQl0eMJ4oS
0vjkYgzkhBsQY3tvRH3PkodUy1yhc+1ZOjOcmX4lAMW1+vP5XsESM+GESDp3Czp6
DlfiHbAlGBouWisY63hQtxVQtOboLzWmXwBGv2ENCf5NdW8tT2rWdxVcWOCW/1YE
dZ3/Q43GK0rqQw/j6MN4xOY7JuiBftZiBkLv57UIxUH1owIMR501QLnhq7Olgz+V
Edli5gWpO6OFNGYFhHc8B4FmTq+UUX4bdya/ajbVL/JWH6fjBJsvculQaJGV+Po6
0Ythfdurd/V0H/s9IkA3XGGckN+XacKpsgr+25kAG5SrdnnZkTVeg1+O/VHiupQw
OkKlD717/MrLYCZvy2D30oCTDF33VUOxSusc9zeJP29ye+WuNG3gX9CVaYbx1I2d
-----END RSA PRIVATE KEY-----",
"PRIVATE_KEY_PHRASE":"123456",
"SCENE":"ANT",
"CALLER":"ob_ssl_crypt",
"CERT_NAME":"ob_yanhua_test",
"PRIVATE_KEY_NAME":"ob_yanhua_test-app-id-authn-RSA-2048-private",
"KEY_VERSION":"1"
}';