Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Updated README SSL documentation #1142

Closed
wants to merge 2 commits into from
Closed

Updated README SSL documentation #1142

Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
ac0705f
Updated README SSL documentation
ultratin Oct 15, 2020
d297ff5
Rephrased to positive
ultratin Oct 15, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 4 additions & 3 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -236,7 +236,6 @@ Mysql2::Client.new(
:reconnect = true/false,
:local_infile = true/false,
:secure_auth = true/false,
:ssl_mode = :disabled / :preferred / :required / :verify_ca / :verify_identity,
:default_file = '/path/to/my.cfg',
:default_group = 'my.cfg section',
:default_auth = 'authentication_windows_client'
Expand All @@ -263,8 +262,9 @@ Setting any of the following options will enable an SSL connection, but only if
your MySQL client library and server have been compiled with SSL support.
MySQL client library defaults will be used for any parameters that are left out
or set to nil. Relative paths are allowed, and may be required by managed
hosting providers such as Heroku. Set `:sslverify => true` to require that the
server presents a valid certificate.
hosting providers such as Heroku. For MySQL versions > `5.7.11` do not use `:sslverify`
Copy link
Collaborator

@sodabrew sodabrew Oct 15, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suggest to rephrase this in the positive, how about:

For MySQL versions 5.7.11 and higher, use :ssl_mode to prefer or require an SSL connection and certificate validation. For earlier versions of MySQL, use the :sslverify boolean.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Off the top of my head, I don't recall the specific behavior if the user set :sslverify when connecting to MySQL 8. Based on the deprecation and now removal of this option, I think the mysql2 gem should enforce migrating users to :ssl_mode by way of warnings and failing the connection.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Alright, changing it to sound more positive makes sense. Regarding the behaviour, I can open up an issue to track it.

key as that correlates to `SSL_VERIFY_VERIFY_CERT` which is deprecated in version `5.7.11` and completely removed in version `8.0`.
Use [`:ssl_mode`](https://dev.mysql.com/doc/refman/5.7/en/connection-options.html#option_general_ssl-mode) instead.

``` ruby
Mysql2::Client.new(
Expand All @@ -275,6 +275,7 @@ Mysql2::Client.new(
:sslcapath => '/path/to/cacerts',
:sslcipher => 'DHE-RSA-AES256-SHA',
:sslverify => true,
:ssl_mode = :disabled / :preferred / :required / :verify_ca / :verify_identity,
)
```

Expand Down