setup connectionpool to correctly configure ssl based on driver config

Author: transistive

src/Bolt/BoltConnectionPool.php

@@ -28,6 +28,7 @@
 use Laudis\Neo4j\Databags\DriverConfiguration;
 use Laudis\Neo4j\Databags\SessionConfiguration;
 use Laudis\Neo4j\Enum\ConnectionProtocol;
+use Laudis\Neo4j\Enum\SslMode;
 use Laudis\Neo4j\Neo4j\RoutingTable;
 use Psr\Http\Message\UriInterface;
 use Throwable;
@@ -44,6 +45,9 @@ final class BoltConnectionPool implements ConnectionPoolInterface
     private static array $connectionCache = [];
     private DriverConfiguration $driverConfig;
 
+    /**
+     * @psalm-external-mutation-free
+     */
     public function __construct(DriverConfiguration $driverConfig)
     {
         $this->driverConfig = $driverConfig;
@@ -98,9 +102,17 @@ public function acquire(
 
     private function configureSsl(UriInterface $uri, UriInterface $server, StreamSocket $socket, ?RoutingTable $table): void
     {
-        $scheme = $uri->getScheme();
-        $explosion = explode('+', $scheme, 2);
-        $sslConfig = $explosion[1] ?? '';
+        $sslMode = $this->driverConfig->getSslConfiguration()->getMode();
+        $sslConfig = '';
+        if ($sslMode === SslMode::FROM_URL()) {
+            $scheme = $uri->getScheme();
+            $explosion = explode('+', $scheme, 2);
+            $sslConfig = $explosion[1] ?? '';
+        } elseif ($sslMode === SslMode::ENABLE()) {
+            $sslConfig = 's';
+        } elseif ($sslMode === SslMode::ENABLE_WITH_SELF_SIGNED()) {
+            $sslConfig = 'ssc';
+        }
 
         if (str_starts_with($sslConfig, 's')) {
             // We have to pass a different host when working with ssl on aura.
@@ -118,7 +130,7 @@ private function configureSsl(UriInterface $uri, UriInterface $server, StreamSoc
     private function enableSsl(string $host, string $sslConfig, StreamSocket $sock): void
     {
         $options = [
-            'verify_peer' => true,
+            'verify_peer' => $this->driverConfig->getSslConfiguration()->isVerifyPeer(),
             'peer_name' => $host,
         ];
         if (!filter_var($host, FILTER_VALIDATE_IP)) {

src/Bolt/BoltDriver.php

@@ -91,13 +91,14 @@ public static function create($uri, ?DriverConfiguration $configuration = null,
         }
 
         $socketTimeout ??= TransactionConfiguration::DEFAULT_TIMEOUT;
+        $configuration ??= DriverConfiguration::default();
 
         if ($formatter !== null) {
             return new self(
                 $uri,
                 $authenticate ?? Authenticate::fromUrl(),
-                new BoltConnectionPool(),
-                $configuration ?? DriverConfiguration::default(),
+                new BoltConnectionPool($configuration),
+                $configuration,
                 $formatter,
                 $socketTimeout
             );
@@ -106,8 +107,8 @@ public static function create($uri, ?DriverConfiguration $configuration = null,
         return new self(
             $uri,
             $authenticate ?? Authenticate::fromUrl(),
-            new BoltConnectionPool(),
-            $configuration ?? DriverConfiguration::default(),
+            new BoltConnectionPool($configuration),
+            $configuration,
             OGMFormatter::create(),
             $socketTimeout
         );

src/Enum/SslMode.php

@@ -26,6 +26,7 @@
  * @method static self ENABLE()
  * @method static self DISABLE()
  * @method static self FROM_URL()
+ * @method static self ENABLE_WITH_SELF_SIGNED()
  *
  * @extends TypedEnum<string>
  *
@@ -36,6 +37,7 @@
 final class SslMode extends TypedEnum implements JsonSerializable
 {
     private const ENABLE = 'enable';
+    private const ENABLE_WITH_SELF_SIGNED = 'enable_with_self_signed';
     private const DISABLE = 'disable';
     private const FROM_URL = 'from_url';
 

src/Neo4j/Neo4jDriver.php

@@ -92,13 +92,14 @@ public static function create($uri, ?DriverConfiguration $configuration = null,
         }
 
         $socketTimeout ??= TransactionConfiguration::DEFAULT_TIMEOUT;
+        $configuration ??= DriverConfiguration::default();
 
         if ($formatter !== null) {
             return new self(
                 $uri,
                 $authenticate ?? Authenticate::fromUrl(),
-                new Neo4jConnectionPool(new BoltConnectionPool()),
-                $configuration ?? DriverConfiguration::default(),
+                new Neo4jConnectionPool(new BoltConnectionPool($configuration)),
+                $configuration,
                 $formatter,
                 $socketTimeout
             );
@@ -107,8 +108,8 @@ public static function create($uri, ?DriverConfiguration $configuration = null,
         return new self(
             $uri,
             $authenticate ?? Authenticate::fromUrl(),
-            new Neo4jConnectionPool(new BoltConnectionPool()),
-            $configuration ?? DriverConfiguration::default(),
+            new Neo4jConnectionPool(new BoltConnectionPool($configuration)),
+            $configuration,
             OGMFormatter::create(),
             $socketTimeout
         );

tests/Unit/BoltCypherFormatterTest.php

@@ -20,6 +20,7 @@
 use Bolt\structures\UnboundRelationship;
 use Laudis\Neo4j\Common\BoltConnection;
 use Laudis\Neo4j\Databags\DatabaseInfo;
+use Laudis\Neo4j\Databags\DriverConfiguration;
 use Laudis\Neo4j\Enum\AccessMode;
 use Laudis\Neo4j\Enum\ConnectionProtocol;
 use Laudis\Neo4j\Formatter\BasicFormatter;
@@ -95,6 +96,7 @@ private function getConnection(): BoltConnection
             ConnectionProtocol::BOLT_V43(),
             AccessMode::READ(),
             new DatabaseInfo(''),
+            DriverConfiguration::default(),
             static fn () => new Bolt($connection),
         );
     }