-
Notifications
You must be signed in to change notification settings - Fork 337
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement SSL Mode #88
Comments
Working branch at caleblloyd@5d5c0e9 How should we test this? Just a small test file that connects and runs a query? Or something more? |
My hope would be that we could re-run the full test suite with every combination of |
I agree, we should test all 3. I'll take a shot at converting the test to use a
What do you think about using a single schema for the tests? And drop the schema on test startup? This would allow somebody with an existing instillation of MySQL to add our tests to their instillation pretty easily. The last part will be to write a |
👍 Another benefit would be being more easily able to test MariaDB 10.1 or MySQL Server 5.6 (I believe you've mentioned that in the past).
Sounds good; are you thinking of creating a If it were |
SSL WIP is passing with the refactored tests |
👍 I want to land the refactored serialization PR soon. (Spent too much time trying to understand the compression protocol, make sure compression would work in the new API (before finalizing it) and ended up reporting bugs in |
How do you want me to handle the SSL Implementation PR? Do you want a PR to the |
I was just thinking... the new code's not perfect but it's better than what's already on |
Shipped in 0.3.0. |
From the connection string reference:
I think this is a needed feature for 1.0 since many companies require SSL/TLS. Also, some cloud MySQL providers such as Google Cloud SQL run over the public network so they pretty much require SSL/TLS.
A solution would most likely use the SslStream library
Certificate validation based off the
SSL Mode
options would be performed in the RemoteCertificateValidationCallback, checking the SslPolicyErrorsI don't fully understand why someone would want to use the
SSL Mode=Preferred
option. It seems to me like this would mask a server misconfiguration. This may be an option that was added to support the legacyEncrypt, UseSSL
connection string options. I think we should consider not implementingSSL Mode=Preferred
.The text was updated successfully, but these errors were encountered: