Skip to content

Commit e98a004

Browse files
committed
Merge pull request #648 from sodabrew/ssl_verify
Add new option :sslverify
2 parents 6728435 + 0175267 commit e98a004

File tree

2 files changed

+10
-3
lines changed

2 files changed

+10
-3
lines changed

README.md

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -186,7 +186,8 @@ Setting any of the following options will enable an SSL connection, but only if
186186
your MySQL client library and server have been compiled with SSL support.
187187
MySQL client library defaults will be used for any parameters that are left out
188188
or set to nil. Relative paths are allowed, and may be required by managed
189-
hosting providers such as Heroku.
189+
hosting providers such as Heroku. Set `:sslverify => true` to require that the
190+
server presents a valid certificate.
190191

191192
``` ruby
192193
Mysql2::Client.new(
@@ -195,7 +196,8 @@ Mysql2::Client.new(
195196
:sslcert => '/path/to/client-cert.pem',
196197
:sslca => '/path/to/ca-cert.pem',
197198
:sslcapath => '/path/to/cacerts',
198-
:sslcipher => 'DHE-RSA-AES256-SHA'
199+
:sslcipher => 'DHE-RSA-AES256-SHA',
200+
:sslverify => true,
199201
)
200202
```
201203

lib/mysql2/client.rb

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -44,6 +44,12 @@ def initialize(opts = {})
4444
ssl_options = opts.values_at(:sslkey, :sslcert, :sslca, :sslcapath, :sslcipher)
4545
ssl_set(*ssl_options) if ssl_options.any?
4646

47+
# SSL verify is a connection flag rather than a mysql_ssl_set option
48+
flags = 0
49+
flags |= @query_options[:connect_flags]
50+
flags |= opts[:flags] if opts[:flags]
51+
flags |= SSL_VERIFY_SERVER_CERT if opts[:sslverify] and ssl_options.any?
52+
4753
if [:user,:pass,:hostname,:dbname,:db,:sock].any?{|k| @query_options.has_key?(k) }
4854
warn "============= WARNING FROM mysql2 ============="
4955
warn "The options :user, :pass, :hostname, :dbname, :db, and :sock will be deprecated at some point in the future."
@@ -57,7 +63,6 @@ def initialize(opts = {})
5763
port = opts[:port]
5864
database = opts[:database] || opts[:dbname] || opts[:db]
5965
socket = opts[:socket] || opts[:sock]
60-
flags = opts[:flags] ? opts[:flags] | @query_options[:connect_flags] : @query_options[:connect_flags]
6166

6267
# Correct the data types before passing these values down to the C level
6368
user = user.to_s unless user.nil?

0 commit comments

Comments
 (0)