Add tests to verify ssl_mode option.

Add tests to verify the following commmit. Can't enable SSL with MariaDB driver library.
brianmario · Apr 16, 2021 · 2d3070a · 2d3070a
1 parent 63bd0f9
commit 2d3070a
Showing 1 changed file with 48 additions and 29 deletions.
diff --git a/spec/mysql2/client_spec.rb b/spec/mysql2/client_spec.rb
@@ -126,39 +126,58 @@ def connect(*args)
     expect(Mysql2::Client).to respond_to(:default_query_options)
   end
 
-  it "should be able to connect via SSL options" do
-    ssl = @client.query "SHOW VARIABLES LIKE 'have_ssl'"
-    ssl_uncompiled = ssl.any? { |x| x['Value'] == 'OFF' }
-    pending("DON'T WORRY, THIS TEST PASSES - but SSL is not compiled into your MySQL daemon.") if ssl_uncompiled
-    ssl_disabled = ssl.any? { |x| x['Value'] == 'DISABLED' }
-    pending("DON'T WORRY, THIS TEST PASSES - but SSL is not enabled in your MySQL daemon.") if ssl_disabled
-
-    # You may need to adjust the lines below to match your SSL certificate paths
-    ssl_client = nil
-    option_overrides = {
-      'host'     => 'mysql2gem.example.com', # must match the certificates
-      :sslkey    => '/etc/mysql/client-key.pem',
-      :sslcert   => '/etc/mysql/client-cert.pem',
-      :sslca     => '/etc/mysql/ca-cert.pem',
-      :sslcipher => 'DHE-RSA-AES256-SHA',
-      :sslverify => true,
-    }
-    %i[sslkey sslcert sslca].each do |item|
-      unless File.exist?(option_overrides[item])
-        pending("DON'T WORRY, THIS TEST PASSES - but #{option_overrides[item]} does not exist.")
-        break
+  context "SSL" do
+    before(:example) do
+      ssl = @client.query "SHOW VARIABLES LIKE 'have_ssl'"
+      ssl_uncompiled = ssl.any? { |x| x['Value'] == 'OFF' }
+      pending("DON'T WORRY, THIS TEST PASSES - but SSL is not compiled into your MySQL daemon.") if ssl_uncompiled
+      ssl_disabled = ssl.any? { |x| x['Value'] == 'DISABLED' }
+      pending("DON'T WORRY, THIS TEST PASSES - but SSL is not enabled in your MySQL daemon.") if ssl_disabled
+
+      %i[sslkey sslcert sslca].each do |item|
+        unless File.exist?(option_overrides[item])
+          pending("DON'T WORRY, THIS TEST PASSES - but #{option_overrides[item]} does not exist.")
+          break
+        end
       end
     end
-    expect do
-      ssl_client = new_client(option_overrides)
-    end.not_to raise_error
 
-    results = Hash[ssl_client.query('SHOW STATUS WHERE Variable_name LIKE "Ssl_%"').map { |x| x.values_at('Variable_name', 'Value') }]
-    expect(results['Ssl_cipher']).not_to be_empty
-    expect(results['Ssl_version']).not_to be_empty
+    let(:option_overrides) do
+      {
+        'host'     => 'mysql2gem.example.com', # must match the certificates
+        :sslkey    => '/etc/mysql/client-key.pem',
+        :sslcert   => '/etc/mysql/client-cert.pem',
+        :sslca     => '/etc/mysql/ca-cert.pem',
+        :sslcipher => 'DHE-RSA-AES256-SHA',
+        :sslverify => true,
+      }
+    end
+
+    let(:ssl_client) do
+      new_client(option_overrides)
+    end
 
-    expect(ssl_client.ssl_cipher).not_to be_empty
-    expect(results['Ssl_cipher']).to eql(ssl_client.ssl_cipher)
+    %i[disabled preferred required verify_ca verify_identity].each do |ssl_mode|
+      it "should set ssl_mode option #{ssl_mode}" do
+        options = {
+          ssl_mode: ssl_mode,
+        }
+        options.merge!(option_overrides)
+        expect do
+          new_client(options)
+        end.to_not output.to_stderr
+      end
+    end
+
+    it "should be able to connect via SSL options" do
+      # You may need to adjust the lines below to match your SSL certificate paths
+      results = Hash[ssl_client.query('SHOW STATUS WHERE Variable_name LIKE "Ssl_%"').map { |x| x.values_at('Variable_name', 'Value') }]
+      expect(results['Ssl_cipher']).not_to be_empty
+      expect(results['Ssl_version']).not_to be_empty
+
+      expect(ssl_client.ssl_cipher).not_to be_empty
+      expect(results['Ssl_cipher']).to eql(ssl_client.ssl_cipher)
+    end
   end
 
   def run_gc