adds tls sni support to mysql2 #1405
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sodabrew
reviewed
Jul 29, 2025
|
|
||
| #ifdef CLIENT_CONNECT_ATTRS | ||
| mysql_options(wrapper->client, MYSQL_OPT_CONNECT_ATTR_RESET, 0); | ||
| rb_hash_foreach(conn_attrs, opt_connect_attr_add_i, (VALUE)wrapper); | ||
| #endif | ||
|
|
||
| if(sni_hostname != NULL) { |
There was a problem hiding this comment.
Nit:
Suggested change
| if(sni_hostname != NULL) { | |
| if (sni_hostname != NULL) { |
sodabrew
reviewed
Jul 29, 2025
| args.mysql = wrapper->client; | ||
| args.client_flag = NUM2ULONG(flags); | ||
|
|
||
| sni_hostname = NIL_P(tls_sni_name) ? NULL : StringValueCStr(tls_sni_name); |
There was a problem hiding this comment.
Need to refresh myself on this code to remember if this ought to go into the args structure. It is used to stash arguments that are passed by pointer-to-structure to nogvl_connect -- but I don't remember if the args structure is also used for subsequent reconnects or looking up connection parameters later on.
sodabrew
reviewed
Jul 29, 2025
| args.passwd = NIL_P(pass) ? NULL : StringValueCStr(pass); | ||
| args.db = NIL_P(database) ? NULL : StringValueCStr(database); | ||
| args.mysql = wrapper->client; | ||
| args.client_flag = NUM2ULONG(flags); |
There was a problem hiding this comment.
If this spacing off by one or is that a GitHub display bug? (I'm reviewing on web)
sodabrew
reviewed
Jul 29, 2025
|
|
||
| #ifdef CLIENT_CONNECT_ATTRS | ||
| mysql_options(wrapper->client, MYSQL_OPT_CONNECT_ATTR_RESET, 0); | ||
| rb_hash_foreach(conn_attrs, opt_connect_attr_add_i, (VALUE)wrapper); | ||
| #endif | ||
|
|
||
| if(sni_hostname != NULL) { | ||
| /* Set the TLS SNI name if provided */ | ||
| mysql_options(wrapper->client, MYSQL_OPT_TLS_SNI_SERVERNAME, sni_hostname); |
There was a problem hiding this comment.
I found that this wasn't added until MySQL 8.1:
https://dev.mysql.com/doc/relnotes/mysql/8.1/en/news-8-1-0.html
However MySQL 8.0 is still in support window, so #ifdef protection is required.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This pull request introduces support for specifying a TLS SNI (Server Name Indication) name during MySQL client connections. This enhancement allows users to set a custom SNI hostname for TLS connections, improving flexibility and compatibility with certain server configurations.
Enhancements to TLS Configuration:
rb_mysql_connectfunction inext/mysql2/client.cto accept an additional parameter,tls_sni_name, and use it to set the TLS SNI server name via theMYSQL_OPT_TLS_SNI_SERVERNAMEoption in the MySQL client library. [1] [2]init_mysql2_clientfunction inext/mysql2/client.cto reflect the updatedrb_mysql_connectmethod signature, increasing the number of expected arguments from 8 to 9.Updates to Ruby Client Initialization:
:tls_sni_nameoption in theinitializemethod oflib/mysql2/client.rb, allowing users to specify the SNI name when creating a MySQL client instance.tls_sni_namevalue is converted to a string if provided, and passed it as an argument to the updatedconnectmethod.