support for mysql_options()

[pprocacci]

It would be nice to be able to turn off this default behavior of wanting to use ssl on a connection that doesn't require it.

DBDish::mysql: Can't connect: SSL connection error: error:00000001:lib(0):func(0):reason(1)

% uname -a FreeBSD workvm.myhome 12.1-STABLE FreeBSD 12.1-STABLE r363997 GENERIC amd64

my $dbh = DBIish.connect("mysql", :host<host>, :database<db>, :user<user>, :password<pass>);

$dbh.execute(q:to/STATEMENT/);
a select statement
STATEMENT

[rbt]

A quick look at the DBIish MySQL driver doesn't show anything SSL related so I presume it's something between libmysql and the backend. It seems there are a number of possible reasons you can get this error.

Client/server library version: Homebrew/homebrew-core#6753

A cipher suite mismatch: https://bugs.mysql.com/bug.php?id=75311

Suggests to check that your cert is valid: https://mariadb.com/kb/en/library/mariadb-ssl-connection-issues/

Can you connect via the mysql client successfully using the same parameters as you provide to DBIish.connect?

[pprocacci]

• The mysql command line client works fine. It's using the same libraries as raku supposedly is.
• This connection doesn't use ssl.
• I think the key here is this driver not including a mysql_options() function that would allow me to turn it off:

https://dev.mysql.com/doc/c-api/5.7/en/mysql-options.html

[rbt]

Ah. I see. There are even commented out regression tests from the perl driver which haven't been ported for these (mysql_init_command specifically).

mysql.connect() should take an *%params arg similar to Pg and SQLite which allows setting additional details, and pass those to mysql_options() prior to connecting.

Thanks for digging that up.

[pprocacci]

Right, just so we're clear as I have a tendency of not being clear .... (lol).

Plain text mysql connections:

a) Using the mysql client work fine b) Using this driver fail.

The difference I believe is:

a) When compiled with SSL, the libmysqlclient uses ssl as the default (assumption) b) The mysql command line client is internally setting the ssl option to NONE as the default so everything succeeds, which allows users to re-enable ssl with various --ssl flags. c) The raku driver leaves the default as is (which I assume is require ssl from the library) ... so you get the error I presented.

It's be nice to have raku:

a) Set SSL to none as the default and b) Allow the option of re-enabling it (like you described in your latest post w/ passing *%opts to connect().)

Cheers!

[abraxxa]

I prefer security by default but it should be documented to make it clear and tell the user what needs to be done to use it in a secure way.