Add optional ssl_cadata arg

[kukushking]

Hi there,

Starting with Python 3.4 ssl module supports providing CA certs via cadata. I suppose it's useful If you'd like to dynamically fetch the certificate from somewhere and avoid having to create a temporary file.

This is exactly the use case in aws/aws-sdk-pandas#664 - we would like to fetch MySQL connection details from AWS Glue Connections, including the CA certificate stored in AWS S3, if configured, and pass them over to PyMySQL.

[kukushking]

@grooverdan Hi Dan - could you have a look, please?

[grooverdan]

@kukushking, recommend a little bit more patience. Some maintainers are exceptionally busy people.

On the code itself:

• Recommend squashing the commits so it look readable in the history
• Improve test cases to actually cover the use SSL functionality introduced. While the existing mock tests aren't great, taking the time to introduce a improved test case for your case, and the default path based SSL would be appreciated.

I assume your pinging of me and @lecram is based on previous contributions. As you can see, this was a considerable time ago and we're probably not the best people to review.

From aws/aws-sdk-pandas#664, it looks like you actually have a use case for this or potentially something you are working towards. Recommend stating the objective, because at the moment it looks like you are adding this just because you can. Maintainers, particularly busy ones, like to see a tangible case for reviewing and merging code.

[kukushking]

@grooverdan Thanks for your feedback and apologies for any annoyance! Let me tag some of more recent contributors. @methane @darxriggs

• Updated the PR description with the use case.
• Squashed the commits (it is also possible to do during merge).
• There is an existing path-based test case and I added cadata-based one as well. There are no SSL test cases for MariaDB, which is the reason for minor coverage decrease, however, default Docker image for MariaDB isn't configured with SSL so so far I just had to go along with it. I'll see what I can do to improve coverage though.

[methane]

I'm very conservative about adding more options.

Is the ssl_cadata a well-known option name for MySQL clients? Does mysql CLI have the option?
As far as I checked this list, I can not find ssl-cadata.
https://dev.mysql.com/doc/c-api/8.0/en/mysql-options.html

[methane]

FYI, you can pass SSLContext object to ssl=ctx option. So you don't need to add this option nor use temporary file.
You have full control of SSLContext already.

[kukushking]

Indeed, passing SSLContext worked just fine. Seems I overlooked that option. Thanks for all help!