Fixes routing in neo4j aura

Fixes #57

Author: transistive

src/Neo4j/Neo4jConnectionPool.php

@@ -15,6 +15,9 @@
 
 use Bolt\connection\StreamSocket;
 use Exception;
+use function explode;
+use const FILTER_VALIDATE_IP;
+use function filter_var;
 use Laudis\Neo4j\Bolt\BoltDriver;
 use Laudis\Neo4j\Common\Uri;
 use Laudis\Neo4j\Contracts\ConnectionPoolInterface;
@@ -52,9 +55,37 @@ public function acquire(UriInterface $uri, AccessMode $mode): StreamSocket
     {
         $table = $this->routingTable($uri);
         $server = $this->getNextServer($table, $mode);
-        $uri = Uri::create($server);
 
-        return $this->pool->acquire($uri, $mode);
+        $socket = $this->pool->acquire(Uri::create($server), $mode);
+
+        $scheme = $uri->getScheme();
+        $explosion = explode('+', $scheme, 2);
+        $sslConfig = $explosion[1] ?? '';
+
+        if (str_starts_with('s', $sslConfig)) {
+            $this->enableSsl($server, $sslConfig, $socket, $uri);
+        }
+
+        return $socket;
+    }
+
+    private function enableSsl(string $host, string $sslConfig, StreamSocket $sock, UriInterface $uri): void
+    {
+        // Pass a standard option to enable ssl as there is no direct flag
+        // and \Bolt\Bolt only turns on ssl if an option is passed.
+        $options = [
+            'verify_peer' => true,
+            'peer_name' => $uri->getHost(),
+        ];
+        if (!filter_var($host, FILTER_VALIDATE_IP)) {
+            $options['SNI_enabled'] = true;
+        }
+        if ($sslConfig === 's') {
+            $sock->setSslContextOptions($options);
+        } elseif ($sslConfig === 'ssc') {
+            $options['allow_self_signed'] = true;
+            $sock->setSslContextOptions($options);
+        }
     }
 
     /**