From 733b38cd8d0e36b14e292f6e2bb8ccaa7abd6db5 Mon Sep 17 00:00:00 2001 From: Alexander Medvednikov Date: Sun, 24 May 2026 15:16:37 +0300 Subject: [PATCH] db.mysql: add Config.ssl_mode to control MYSQL_OPT_SSL_MODE (fix #27139) (#27215) --- vlib/db/mysql/enums.v | 12 ++++++++++++ vlib/db/mysql/mysql.c.v | 12 ++++++++++++ 2 files changed, 24 insertions(+) diff --git a/vlib/db/mysql/enums.v b/vlib/db/mysql/enums.v index 76b3edfd9..a9cee54bf 100644 --- a/vlib/db/mysql/enums.v +++ b/vlib/db/mysql/enums.v @@ -1,5 +1,17 @@ module mysql +// SslMode mirrors the values of the C `enum mysql_ssl_mode`, used with +// `MYSQL_OPT_SSL_MODE`. Use `.unset` to leave the option untouched, in which +// case the underlying libmysqlclient default applies (typically `.preferred`). +pub enum SslMode { + unset = 0 + disabled = 1 + preferred = 2 + required = 3 + verify_ca = 4 + verify_identity = 5 +} + // FieldType is a list of all supported MYSQL field types. pub enum FieldType { type_decimal diff --git a/vlib/db/mysql/mysql.c.v b/vlib/db/mysql/mysql.c.v index bdd693129..1f2cec907 100644 --- a/vlib/db/mysql/mysql.c.v +++ b/vlib/db/mysql/mysql.c.v @@ -89,6 +89,13 @@ pub mut: dbname string flag ConnectionFlag + // ssl_mode controls the SSL/TLS negotiation policy via `MYSQL_OPT_SSL_MODE`. + // Set it to `.disabled` to connect to servers without TLS support + // (libmysqlclient 8.x otherwise tries `.preferred`/`.required`, which can + // fail against servers built without SSL). When left as `.unset`, no + // `MYSQL_OPT_SSL_MODE` call is made and the libmysqlclient default applies. + ssl_mode SslMode + // SSL params, only valid when set .client_ssl ssl_key string ssl_cert string @@ -125,6 +132,11 @@ pub fn connect(config Config) !DB { } username := config.connection_user()! + if config.ssl_mode != .unset { + ssl_mode := int(config.ssl_mode) + db.set_option(C.MYSQL_OPT_SSL_MODE, &ssl_mode) + } + if config.flag.has(.client_ssl) { if config.ssl_key.len > 0 { db.set_option(C.MYSQL_OPT_SSL_KEY, config.ssl_key.str) -- 2.39.5