fix: Correct MySQL required SSL mode — it verifies the server certificate#1755
Open
claudespice wants to merge 1 commit into
Open
fix: Correct MySQL required SSL mode — it verifies the server certificate#1755claudespice wants to merge 1 commit into
claudespice wants to merge 1 commit into
Conversation
The MySQL connector reference pages described `mysql_sslmode: required` as merely "requires an SSL connection" without mentioning that the server certificate and domain name are verified. The runtime uses `mysql_async::SslOpts::default()` for this mode, which sets `accept_invalid_certs=false` and `skip_domain_validation=false` — equivalent to `verify_identity`. PR #1707 corrected the wording in deployment.md (vNext) but left the connector reference page and every versioned copy untouched. This PR brings the eight remaining reference pages in line with the runtime behaviour and with the corrected deployment guide. Verified against: - crates/runtime/src/catalogconnector/mysql.rs:165-208 (metadata pool) - datafusion-table-providers mysqlpool.rs get_ssl_opts() (federated query path, unchanged since v1.5.x) The `preferred` mode wording was also tightened to call out that it skips certificate/hostname verification, matching the runtime's `with_danger_accept_invalid_certs(true)` / `with_danger_skip_domain_validation(true)`. Files updated: 8 (vNext + 7 versioned)
✅ Pull with Spice PassedPassing checks:
|
🔍 Pull with Spice FailedPassing checks:
Failed checks:
Please address these issues and update your pull request. |
|
🚀 deployed to https://616d609e.spiceai-org-website.pages.dev |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The MySQL connector reference pages describe
mysql_sslmode: requiredas simply "requires an SSL connection" without mentioning that the server certificate and domain name are verified. The runtime actually usesmysql_async::SslOpts::default()for this mode, which setsaccept_invalid_certs=falseandskip_domain_validation=false— equivalent toverify_identity.PR #1707 corrected this wording in
deployment.md(vNext) but left the connector reference page and every versioned copy untouched. This PR brings the remaining eight reference pages in line with the actual runtime behaviour and with the corrected deployment guide.The
preferredmode wording is also tightened to call out that it skips certificate/hostname verification, matching the runtime'swith_danger_accept_invalid_certs(true)/with_danger_skip_domain_validation(true).Changes
Replaced the
mysql_sslmoderow description in all 8 affected files:website/docs/components/data-connectors/mysql/index.mdwebsite/versioned_docs/version-1.5.x/components/data-connectors/mysql.mdwebsite/versioned_docs/version-1.6.x/components/data-connectors/mysql.mdwebsite/versioned_docs/version-1.7.x/components/data-connectors/mysql.mdwebsite/versioned_docs/version-1.8.x/components/data-connectors/mysql.mdwebsite/versioned_docs/version-1.9.x/components/data-connectors/mysql.mdwebsite/versioned_docs/version-1.10.x/components/data-connectors/mysql.mdwebsite/versioned_docs/version-1.11.x/components/data-connectors/mysql.mdFiles updated: 8 (1 vNext + 7 versioned).
Reference
Verified against:
crates/runtime/src/catalogconnector/mysql.rs:165-208(catalog metadata pool —secret_map.get("sslmode")defaults to"required", branches intometadata_pool_ssl_optswhich returnsSslOpts::default()forrequiredand addswith_danger_accept_invalid_certs(true)+with_danger_skip_domain_validation(true)forpreferred).datafusion-table-providersmysqlpool.rsget_ssl_opts()(federated query path — same default-vs-danger split, unchanged across v1.5.x–trunk).Behaviour matches the wording already shipped in
mysql/deployment.mdafter PR #1707.Notes
npm run buildwas not run because of disk-space exhaustion in the working environment. The diff is a pure single-cell text replacement inside an existing markdown table — no link, anchor, or tag changes — so the Docusaurus broken-link / inline-tag checks should be unaffected. CI on this PR will confirm.