Add SslCa connection string option. Fixes #640

Author: bgrainger

docs/content/connection-options.md

@@ -101,9 +101,9 @@ These are the options that need to be used in order to configure a connection to
     <td>Specifies the password for the certificate specified using the <code>CertificateFile</code> option. Not required if the certificate file is not password protected.</td>
   </tr>
   <tr>
-    <td>CA Certificate File, CACertificateFile</td>
+    <td>CA Certificate File, CACertificateFile, SslCa, Ssl-Ca</td>
     <td></td>
-    <td>This option specifies the path to a CA certificate file in a PEM Encoded (.pem) format. This should be used in with <code>SslMode=VerifyCA</code> or <code>SslMode=VerifyFull</code> to enable verification of a CA certificate that is not trusted by the Operating System's certificate store.</td>
+    <td>This option specifies the path to a CA certificate file in a PEM Encoded (.pem) format. This should be used in with <code>SslMode=VerifyCA</code> or <code>SslMode=VerifyFull</code> to enable verification of a CA certificate that is not trusted by the Operating System’s certificate store.</td>
   </tr>
   <tr>
     <td>Certificate Store Location, CertificateStoreLocation</td>

docs/content/tutorials/migrating-from-connector-net.md

@@ -61,6 +61,10 @@ MySqlConnector has some different default connection string options:
   </tr>
 </table>
 
+Connector/NET uses `CertificateFile` to specify the client’s private key, unless `SslCert` and `SslKey` are specified, in which case
+it is used to specify the server’s CA certificate file; `SslCa` is just an alias for this option. MySqlConnector always uses `CertificateFile`
+for the client’s private key (in PFX format); `SslCa` (aka `CACertificateFile`) is a separate option to specify the server’s CA certificate.
+
 Some connection string options that are supported in Connector/NET are not supported in MySqlConnector. For a full list of options that are
 supported in MySqlConnector, see the [Connection Options](connection-options).
 

src/MySqlConnector/Core/ConnectionSettings.cs

@@ -46,7 +46,7 @@ public ConnectionSettings(MySqlConnectionStringBuilder csb)
 			SslMode = csb.SslMode;
 			CertificateFile = csb.CertificateFile;
 			CertificatePassword = csb.CertificatePassword;
-			CACertificateFile = csb.CACertificateFile;
+			CACertificateFile = csb.SslCa;
 			CertificateStoreLocation = csb.CertificateStoreLocation;
 			CertificateThumbprint = csb.CertificateThumbprint;
 

src/MySqlConnector/MySql.Data.MySqlClient/MySqlConnectionStringBuilder.cs

@@ -85,10 +85,17 @@ public string CertificatePassword
 			set => MySqlConnectionStringOption.CertificatePassword.SetValue(this, value);
 		}
 
+		[Obsolete("Use SslCa instead.")]
 		public string CACertificateFile
 		{
-			get => MySqlConnectionStringOption.CACertificateFile.GetValue(this);
-			set => MySqlConnectionStringOption.CACertificateFile.SetValue(this, value);
+			get => MySqlConnectionStringOption.SslCa.GetValue(this);
+			set => MySqlConnectionStringOption.SslCa.SetValue(this, value);
+		}
+
+		public string SslCa
+		{
+			get => MySqlConnectionStringOption.SslCa.GetValue(this);
+			set => MySqlConnectionStringOption.SslCa.SetValue(this, value);
 		}
 
 		public MySqlCertificateStoreLocation CertificateStoreLocation
@@ -352,7 +359,7 @@ internal abstract class MySqlConnectionStringOption
 		public static readonly MySqlConnectionStringOption<string> CertificatePassword;
 		public static readonly MySqlConnectionStringOption<MySqlCertificateStoreLocation> CertificateStoreLocation;
 		public static readonly MySqlConnectionStringOption<string> CertificateThumbprint;
-		public static readonly MySqlConnectionStringOption<string> CACertificateFile;
+		public static readonly MySqlConnectionStringOption<string> SslCa;
 
 		// Connection Pooling Options
 		public static readonly MySqlConnectionStringOption<bool> Pooling;
@@ -461,8 +468,8 @@ static MySqlConnectionStringOption()
 				keys: new[] { "CertificatePassword", "Certificate Password" },
 				defaultValue: null));
 
-			AddOption(CACertificateFile = new MySqlConnectionStringOption<string>(
-				keys: new[] { "CACertificateFile", "CA Certificate File" },
+			AddOption(SslCa = new MySqlConnectionStringOption<string>(
+				keys: new[] { "CACertificateFile", "CA Certificate File", "SslCa", "Ssl-Ca" },
 				defaultValue: null));
 
 			AddOption(CertificateStoreLocation = new MySqlConnectionStringOption<MySqlCertificateStoreLocation>(

tests/MySqlConnector.Tests/MySqlConnectionStringBuilderTests.cs

@@ -40,7 +40,6 @@ public void Defaults()
 			Assert.False(csb.ForceSynchronous);
 			Assert.Equal(MySqlGuidFormat.Default, csb.GuidFormat);
 			Assert.False(csb.IgnoreCommandTransaction);
-			Assert.Null(csb.CACertificateFile);
 			Assert.Equal(MySqlLoadBalance.RoundRobin, csb.LoadBalance);
 #endif
 			Assert.True(csb.IgnorePrepare);
@@ -59,6 +58,7 @@ public void Defaults()
 			Assert.Null(csb.ServerRsaPublicKeyFile);
 			Assert.Null(csb.ServerSPN);
 #endif
+			Assert.Null(csb.SslCa);
 			Assert.Equal(MySqlSslMode.Preferred, csb.SslMode);
 			Assert.True(csb.TreatTinyAsBoolean);
 			Assert.False(csb.UseCompression);
@@ -100,7 +100,6 @@ public void ParseConnectionString()
 					"connectionidletimeout=30;" +
 					"forcesynchronous=true;" +
 					"ignore command transaction=true;" +
-					"ca certificate file=ca.pem;" +
 					"server rsa public key file=rsa.pem;" +
 					"load balance=random;" +
 					"guidformat=timeswapbinary16;" +
@@ -120,6 +119,7 @@ public void ParseConnectionString()
 					"protocol=pipe;" +
 					"pwd=Pass1234;" +
 					"Treat Tiny As Boolean=false;" +
+					"ssl-ca=ca.pem;" +
 					"ssl mode=verifyca;" +
 					"Uid=username;" +
 					"useaffectedrows=true"
@@ -128,7 +128,10 @@ public void ParseConnectionString()
 			Assert.True(csb.AllowUserVariables);
 			Assert.True(csb.AllowZeroDateTime);
 			Assert.False(csb.AutoEnlist);
+#if !BASELINE
+			// Connector/NET treats "CertificateFile" (client certificate) and "SslCa" (server CA) as aliases
 			Assert.Equal("file.pfx", csb.CertificateFile);
+#endif
 			Assert.Equal("Pass1234", csb.CertificatePassword);
 			Assert.Equal(MySqlCertificateStoreLocation.CurrentUser, csb.CertificateStoreLocation);
 			Assert.Equal("thumbprint123", csb.CertificateThumbprint);
@@ -149,7 +152,6 @@ public void ParseConnectionString()
 			Assert.Equal(30u, csb.ConnectionIdleTimeout);
 			Assert.True(csb.ForceSynchronous);
 			Assert.True(csb.IgnoreCommandTransaction);
-			Assert.Equal("ca.pem", csb.CACertificateFile);
 			Assert.Equal("rsa.pem", csb.ServerRsaPublicKeyFile);
 			Assert.Equal(MySqlLoadBalance.Random, csb.LoadBalance);
 			Assert.Equal(MySqlGuidFormat.TimeSwapBinary16, csb.GuidFormat);
@@ -169,6 +171,7 @@ public void ParseConnectionString()
 			Assert.Equal(1234u, csb.Port);
 			Assert.Equal("db-server", csb.Server);
 			Assert.False(csb.TreatTinyAsBoolean);
+			Assert.Equal("ca.pem", csb.SslCa);
 			Assert.Equal(MySqlSslMode.VerifyCA, csb.SslMode);
 			Assert.True(csb.UseAffectedRows);
 			Assert.True(csb.UseCompression);

tests/MySqlConnector.Tests/MySqlConnector.Tests.csproj

@@ -31,7 +31,7 @@
   </ItemGroup>
 
   <ItemGroup Condition=" '$(Configuration)' == 'Baseline' ">
-    <PackageReference Include="MySql.Data" Version="8.0.13" />
+    <PackageReference Include="MySql.Data" Version="8.0.16" />
     <Compile Remove="ByteBufferWriterTests.cs;CachedProcedureTests.cs;ConnectionTests.cs;FakeMySqlServer.cs;FakeMySqlServerConnection.cs;LoadBalancerTests.cs;MySqlExceptionTests.cs;NormalizeTests.cs;ServerVersionTests.cs;StatementPreparerTests.cs;TypeMapperTests.cs;UtilityTests.cs" />
   </ItemGroup>
 

tests/SideBySide/SideBySide.csproj

@@ -39,7 +39,7 @@
   </ItemGroup>
 
   <ItemGroup Condition=" '$(Configuration)' == 'Baseline' ">
-    <PackageReference Include="MySql.Data" Version="8.0.15" />
+    <PackageReference Include="MySql.Data" Version="8.0.16" />
   </ItemGroup>
 
   <ItemGroup Condition=" '$(TargetFramework)' == 'netcoreapp1.1.2' ">

tests/SideBySide/SslTests.cs

@@ -54,9 +54,7 @@ public async Task ConnectSslClientCertificate(string certFile, string certFilePa
 			if (caCertFile != null)
 			{
 				csb.SslMode = MySqlSslMode.VerifyCA;
-#if !BASELINE
-				csb.CACertificateFile = Path.Combine(AppConfig.CertsPath, caCertFile);
-#endif
+				csb.SslCa = Path.Combine(AppConfig.CertsPath, caCertFile);
 			}
 			using (var connection = new MySqlConnection(csb.ConnectionString))
 			{
@@ -132,24 +130,22 @@ public async Task ConnectSslBadClientCertificate()
 			csb.CertificatePassword = "";
 			using (var connection = new MySqlConnection(csb.ConnectionString))
 			{
-#if BASELINE
-				var exType = typeof(IOException);
-#else
-				var exType = typeof(MySqlException);
-#endif
-				await Assert.ThrowsAsync(exType, async () => await connection.OpenAsync());
+				await Assert.ThrowsAsync<MySqlException>(async () => await connection.OpenAsync());
 			}
 		}
 
-		[SkippableFact(ServerFeatures.KnownCertificateAuthority, ConfigSettings.RequiresSsl, Baseline = "MySql.Data does not support CACertificateFile")]
+		[SkippableFact(ServerFeatures.KnownCertificateAuthority, ConfigSettings.RequiresSsl)]
 		public async Task ConnectSslBadCaCertificate()
 		{
 			var csb = AppConfig.CreateConnectionStringBuilder();
-			csb.CertificateFile = Path.Combine(AppConfig.CertsPath, "ssl-client.pfx");
-			csb.SslMode = MySqlSslMode.VerifyCA;
 #if !BASELINE
-			csb.CACertificateFile = Path.Combine(AppConfig.CertsPath, "non-ca-client-cert.pem");
+			csb.CertificateFile = Path.Combine(AppConfig.CertsPath, "ssl-client.pfx");
+#else
+			csb.SslCert = Path.Combine(AppConfig.CertsPath, "ssl-client-cert.pem");
+			csb.SslKey = Path.Combine(AppConfig.CertsPath, "ssl-client-key.pem");
 #endif
+			csb.SslMode = MySqlSslMode.VerifyCA;
+			csb.SslCa = Path.Combine(AppConfig.CertsPath, "non-ca-client-cert.pem");
 			using (var connection = new MySqlConnection(csb.ConnectionString))
 			{
 				await Assert.ThrowsAsync<MySqlException>(async () => await connection.OpenAsync());