fix: make startTls code compatible with Bun

.github/workflows/ci-bun.yml

@@ -20,10 +20,10 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        bun-version: [0.5.1]
+        bun-version: [0.6.13]
         mysql-version: ["mysql:5.7", "mysql:8.0.18", "mysql:8.0.22"]
         use-compression: [0]
-        use-tls: [0]
+        use-tls: [0,1]
 
     name: Bun ${{ matrix.bun-version }} - DB ${{ matrix.mysql-version }} - SSL=${{matrix.use-tls}} Compression=${{matrix.use-compression}}
 

lib/connection.js

@@ -355,48 +355,46 @@ class Connection extends EventEmitter {
     });
     const rejectUnauthorized = this.config.ssl.rejectUnauthorized;
     const verifyIdentity = this.config.ssl.verifyIdentity;
-    const host = this.config.host;
+    const servername = this.config.host
 
     let secureEstablished = false;
-    const secureSocket = new Tls.TLSSocket(this.stream, {
-      rejectUnauthorized: rejectUnauthorized,
-      requestCert: true,
-      secureContext: secureContext,
-      isServer: false
+    this.stream.removeAllListeners('data');
+    const secureSocket = Tls.connect({
+      rejectUnauthorized,
+      requestCert: rejectUnauthorized,
+      secureContext,
+      isServer: false,
+      socket: this.stream,
+      servername
+    }, () => {
+      secureEstablished = true;
+      if (rejectUnauthorized) {
+        if (typeof servername === 'string' && verifyIdentity) {
+          const cert = secureSocket.getPeerCertificate(true);
+          const serverIdentityCheckError = Tls.checkServerIdentity(servername, cert);
+          if (serverIdentityCheckError) {
+            onSecure(serverIdentityCheckError);
+            return;
+          }
+        }
+      }
+      onSecure();
     });
-    if (typeof host === 'string') {
-      secureSocket.setServername(host);
-    }
     // error handler for secure socket
-    secureSocket.on('_tlsError', err => {
+    secureSocket.on('error', err => {
       if (secureEstablished) {
         this._handleNetworkError(err);
       } else {
         onSecure(err);
       }
     });
-    secureSocket.on('secure', () => {
-      secureEstablished = true;
-      let callbackValue = null;
-      if (rejectUnauthorized) {
-        callbackValue = secureSocket.ssl.verifyError()
-        if (!callbackValue && typeof host === 'string' && verifyIdentity) {
-          const cert = secureSocket.ssl.getPeerCertificate(true);
-          callbackValue = Tls.checkServerIdentity(host, cert)
-        }
-      }
-      onSecure(callbackValue);
-    });
     secureSocket.on('data', data => {
       this.packetParser.execute(data);
     });
-    this.write = buffer => {
-      secureSocket.write(buffer);
-    };
-    // start TLS communications
-    secureSocket._start();
+    this.write = buffer => secureSocket.write(buffer);
   }
 
+  /*
   pipe() {
     if (this.stream instanceof Net.Stream) {
       this.stream.ondata = (data, start, end) => {
@@ -412,6 +410,7 @@ class Connection extends EventEmitter {
       });
     }
   }
+  */
 
   protocolError(message, code) {
     // Starting with MySQL 8.0.24, if the client closes the connection
@@ -948,48 +947,4 @@ class Connection extends EventEmitter {
   }
 }
 
-if (Tls.TLSSocket) {
-  // not supported
-} else {
-  Connection.prototype.startTLS = function _startTLS(onSecure) {
-    if (this.config.debug) {
-      // eslint-disable-next-line no-console
-      console.log('Upgrading connection to TLS');
-    }
-    const crypto = require('crypto');
-    const config = this.config;
-    const stream = this.stream;
-    const rejectUnauthorized = this.config.ssl.rejectUnauthorized;
-    const credentials = crypto.createCredentials({
-      key: config.ssl.key,
-      cert: config.ssl.cert,
-      passphrase: config.ssl.passphrase,
-      ca: config.ssl.ca,
-      ciphers: config.ssl.ciphers
-    });
-    const securePair = Tls.createSecurePair(
-      credentials,
-      false,
-      true,
-      rejectUnauthorized
-    );
-
-    if (stream.ondata) {
-      stream.ondata = null;
-    }
-    stream.removeAllListeners('data');
-    stream.pipe(securePair.encrypted);
-    securePair.encrypted.pipe(stream);
-    securePair.cleartext.on('data', data => {
-      this.packetParser.execute(data);
-    });
-    this.write = function(buffer) {
-      securePair.cleartext.write(buffer);
-    };
-    securePair.on('secure', () => {
-      onSecure(rejectUnauthorized ? securePair.ssl.verifyError() : null);
-    });
-  };
-}
-
 module.exports = Connection;