PyMySQL · methane · Dec 3, 2019 · Mar 19, 2019 · Mar 19, 2019 · Mar 19, 2019
diff --git a/MySQLdb/_mysql.c b/MySQLdb/_mysql.c
@@ -384,6 +384,7 @@ _mysql_ConnectionObject_Initialize(
          *capath = NULL, *cipher = NULL;
     PyObject *ssl_keepref[5] = {NULL};
     int n_ssl_keepref = 0;
+    int ssl_mode = 0;
     char *host = NULL, *user = NULL, *passwd = NULL,
          *db = NULL, *unix_socket = NULL;
     unsigned int port = 0;
@@ -393,7 +394,7 @@ _mysql_ConnectionObject_Initialize(
                   "connect_timeout", "compress",
                   "named_pipe", "init_command",
                   "read_default_file", "read_default_group",
-                  "client_flag", "ssl",
+                  "client_flag", "ssl", "ssl_mode",
                   "local_infile",
                   "read_timeout", "write_timeout", "charset",
                   "auth_plugin",
@@ -412,15 +413,15 @@ _mysql_ConnectionObject_Initialize(
     self->open = 0;
 
     if (!PyArg_ParseTupleAndKeywords(args, kwargs,
-                "|ssssisOiiisssiOiiiss:connect",
+                "|ssssisOiiisssiOiiiiss:connect",
                 kwlist,
                 &host, &user, &passwd, &db,
                 &port, &unix_socket, &conv,
                 &connect_timeout,
                 &compress, &named_pipe,
                 &init_command, &read_default_file,
                 &read_default_group,
-                &client_flag, &ssl,
+                &client_flag, &ssl, &ssl_mode,
                 &local_infile,
                 &read_timeout,
                 &write_timeout,
@@ -480,6 +481,16 @@ _mysql_ConnectionObject_Initialize(
     if (local_infile != -1)
         mysql_options(&(self->connection), MYSQL_OPT_LOCAL_INFILE, (char *) &local_infile);
 
+#if ((MYSQL_VERSION_ID >= 50555 && MYSQL_VERSION_ID <= 50599) || \
+(MYSQL_VERSION_ID >= 50636 && MYSQL_VERSION_ID <= 50699) || \
+(MYSQL_VERSION_ID >= 50711 && MYSQL_VERSION_ID <= 50799) || \
+(MYSQL_VERSION_ID >= 80000)) && \
+!defined(MARIADB_BASE_VERSION) && !defined(MARIADB_VERSION_ID)
+    #define HAVE_ENUM_MYSQL_OPT_SSL_MODE
+    if (ssl_mode) {
+        mysql_options(&(self->connection), MYSQL_OPT_SSL_MODE, &ssl_mode);
+    }
+#endif
     if (ssl) {
         mysql_ssl_set(&(self->connection), key, cert, ca, capath, cipher);
     }
@@ -1516,6 +1527,20 @@ _mysql_get_client_info(
     return PyUnicode_FromString(mysql_get_client_info());
 }
 
+static char _mysql_get_have_enum_mysql_opt_ssl_mode__doc__[] =
+"Returns whether enum MYSQL_OPT_SSL_MODE is defined.";
+static PyObject *
+_mysql_get_have_enum_mysql_opt_ssl_mode(
+    PyObject *self,
+    PyObject *noargs)
+{
+#ifdef HAVE_ENUM_MYSQL_OPT_SSL_MODE
+    Py_RETURN_TRUE;
+#else
+    Py_RETURN_FALSE;
+#endif
+}
+
 static char _mysql_ConnectionObject_get_host_info__doc__[] =
 "Returns a string that represents the MySQL client library\n\
 version. Non-standard.\n\
@@ -2567,6 +2592,12 @@ _mysql_methods[] = {
         METH_NOARGS,
         _mysql_get_client_info__doc__
     },
+    {
+        "get_have_enum_mysql_opt_ssl_mode",
+        (PyCFunction)_mysql_get_have_enum_mysql_opt_ssl_mode,
+        METH_NOARGS,
+        _mysql_get_have_enum_mysql_opt_ssl_mode__doc__
+    },
     {NULL, NULL} /* sentinel */
 };
 

diff --git a/MySQLdb/connections.py b/MySQLdb/connections.py
@@ -102,6 +102,13 @@ class object, used to create cursors (keyword only)
         :param int client_flag:
             flags to use or 0 (see MySQL docs or constants/CLIENTS.py)
 
+        :param str ssl_mode
-        :param str ssl_mode
+        :param str ssl_mode:
-        :param str ssl_mode
+        :param str ssl_mode:
+            specify the security settings for connection to the server;
+            see the MySQL documentation for more details
+            (mysql_option(), MYSQL_OPT_SSL_MODE).
+            Only one of 'DISABLED', 'PREFERRED', 'REQUIRED',
+            'VERIFY_CA', 'VERIFY_IDENTITY' can be specified.
+
         :param dict ssl:
             dictionary or mapping contains SSL connection parameters;
             see the MySQL documentation for more details
@@ -123,7 +130,7 @@ class object, used to create cursors (keyword only)
         There are a number of undocumented, non-standard methods. See the
         documentation for the MySQL C API for some hints on what they do.
         """
-        from MySQLdb.constants import CLIENT, FIELD_TYPE
+        from MySQLdb.constants import CLIENT, FIELD_TYPE, SSL_MODE
         from MySQLdb.converters import conversions, _bytes_or_str
         from weakref import proxy
 
@@ -162,6 +169,14 @@ class object, used to create cursors (keyword only)
 
         kwargs2['client_flag'] = client_flag
 
+        if 'ssl_mode' in kwargs:
+            if not _mysql.get_have_enum_mysql_opt_ssl_mode():
+                raise NotSupportedError('Does not support ssl_mode specification: %s' % _mysql.get_client_info())
+            if hasattr(SSL_MODE, kwargs['ssl_mode']):
+                kwargs2['ssl_mode'] = getattr(SSL_MODE, kwargs['ssl_mode'])
+            else:
+                raise NotSupportedError('Unknown MySQL ssl_mode specification: %s' % kwargs['ssl_mode'])
+
         # PEP-249 requires autocommit to be initially off
         autocommit = kwargs2.pop('autocommit', False)
 

diff --git a/MySQLdb/constants/SSL_MODE.py b/MySQLdb/constants/SSL_MODE.py
@@ -0,0 +1,11 @@
+"""MySQL SSL_MODE Constants
+
+These constants are used to specify SSL_MODE.
+
+"""
+
+DISABLED = 1
+PREFERRED = 2
+REQUIRED = 3
+VERIFY_CA = 4
+VERIFY_IDENTITY = 5
diff --git a/MySQLdb/constants/__init__.py b/MySQLdb/constants/__init__.py
@@ -1 +1 @@
-__all__ = ['CR', 'FIELD_TYPE','CLIENT','ER','FLAG']
+__all__ = ['CR', 'FIELD_TYPE','CLIENT','ER','FLAG','SSL_MODE']
diff --git a/doc/MySQLdb.constants.rst b/doc/MySQLdb.constants.rst
@@ -49,3 +49,10 @@ constants Package
     :undoc-members:
     :show-inheritance:
 
+:mod:`SSL_MODE` Module
+------------------
+
+.. automodule:: MySQLdb.constants.SSL_MODE
+    :members:
+    :undoc-members:
+    :show-inheritance:
diff --git a/doc/user_guide.rst b/doc/user_guide.rst
@@ -357,6 +357,18 @@ connect(parameters...)
 
             *This must be a keyword parameter.*
 
+         ssl_mode
+            If present, specify the security settings for the
+            connection to the server. For more information on ssl_mode,
+            see the MySQL documentation. Only one of 'DISABLED',
+            'PREFERRED', 'REQUIRED', 'VERIFY_CA', 'VERIFY_IDENTITY'
+            can be specified.
+
+            If not present, the session ssl_mode will be unchanged,
+            but in version 5.7 and later, the default is PREFERRED.
+
+            *This must be a keyword parameter.*
+
          ssl
             This parameter takes a dictionary or mapping, where the
             keys are parameter names used by the mysql_ssl_set_ MySQL

diff --git a/metadata.cfg b/metadata.cfg
@@ -38,3 +38,4 @@ py_modules:
         MySQLdb.constants.ER
         MySQLdb.constants.FIELD_TYPE
         MySQLdb.constants.FLAG
+        MySQLdb.constants.SSL_MODE
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		__all__ = ['CR', 'FIELD_TYPE','CLIENT','ER','FLAG']
		__all__ = ['CR', 'FIELD_TYPE','CLIENT','ER','FLAG','SSL_MODE']