mysql client should retry to establish an unsecured connection when failing to complete the SSL handshake in PREFERRED SSL mode (#1229)

Signed-off-by: Billy Yuan <billy112487983@gmail.com>

Signed-off-by: Billy Yuan <billy112487983@gmail.com>

Author: BillyYccc

vertx-mysql-client/src/main/java/io/vertx/mysqlclient/impl/MySQLConnectionFactory.java

@@ -114,6 +114,14 @@ protected void configureNetClientOptions(NetClientOptions netClientOptions) {
 
   @Override
   protected Future<Connection> doConnectInternal(SocketAddress server, String username, String password, String database, EventLoopContext context) {
+    if (sslMode == SslMode.PREFERRED) {
+      return doConnect(server, username, password, database, sslMode, context).recover(err -> doConnect(server, username, password, database, SslMode.DISABLED, context));
+    } else {
+      return doConnect(server, username, password, database, sslMode, context);
+    }
+  }
+
+  private Future<Connection> doConnect(SocketAddress server, String username, String password, String database, SslMode sslMode, EventLoopContext context) {
     Future<NetSocket> fut = netClient.connect(server);
     return fut.flatMap(so -> {
       MySQLSocketConnection conn = new MySQLSocketConnection((NetSocketInternal) so, cachePreparedStatements, preparedStatementCacheSize, preparedStatementCacheSqlFilter, pipeliningLimit, context);

vertx-mysql-client/src/test/java/io/vertx/mysqlclient/MySQLTLSTest.java

@@ -12,6 +12,7 @@
 package io.vertx.mysqlclient;
 
 import io.vertx.core.Vertx;
+import io.vertx.core.buffer.Buffer;
 import io.vertx.core.net.PemKeyCertOptions;
 import io.vertx.core.net.PemTrustOptions;
 import io.vertx.ext.unit.TestContext;
@@ -31,14 +32,18 @@ public class MySQLTLSTest {
   @ClassRule
   public static MySQLRule rule = MySQLRule.SHARED_TLS_INSTANCE;
 
+  @ClassRule
+  public static MySQLRule nonTlsRule = MySQLRule.SHARED_INSTANCE;
+
   Vertx vertx;
   MySQLConnectOptions options;
+  MySQLConnectOptions nonTlsOptions;
 
   @Before
   public void setup() {
     vertx = Vertx.vertx();
     options = new MySQLConnectOptions(rule.options());
-
+    nonTlsOptions = new MySQLConnectOptions(nonTlsRule.options());
     /*
      * For testing we have to drop using the TLSv1.2.
      *
@@ -79,7 +84,7 @@ public void testSuccessWithDisabledSslMode(TestContext ctx) {
   }
 
   @Test
-  public void testSuccessWithPreferredSslMode(TestContext ctx) {
+  public void testTlsSuccessWithPreferredSslMode(TestContext ctx) {
     options.setSslMode(SslMode.PREFERRED);
     options.setPemTrustOptions(new PemTrustOptions().addCertPath("tls/files/ca.pem"));
     options.setPemKeyCertOptions(new PemKeyCertOptions()
@@ -95,6 +100,40 @@ public void testSuccessWithPreferredSslMode(TestContext ctx) {
     }));
   }
 
+  @Test
+  public void testTlsHandshakeFailWithPreferredSslMode(TestContext ctx) {
+    options.setSslMode(SslMode.PREFERRED);
+    options.setPemTrustOptions(new PemTrustOptions().addCertValue(Buffer.buffer("INVALID CERT")));
+    options.setPemKeyCertOptions(new PemKeyCertOptions()
+      .setCertPath("tls/files/client-cert.pem")
+      .setKeyPath("tls/files/client-key.pem"));
+
+    MySQLConnection.connect(vertx, options, ctx.asyncAssertSuccess(conn -> {
+      ctx.assertFalse(conn.isSSL());
+      conn.query("SELECT 1").execute(ctx.asyncAssertSuccess(res -> {
+        ctx.assertEquals(1, res.size());
+        conn.close();
+      }));
+    }));
+  }
+
+  @Test
+  public void testNonTlsConnWithPreferredSslMode(TestContext ctx) {
+    nonTlsOptions.setSslMode(SslMode.PREFERRED);
+    nonTlsOptions.setPemTrustOptions(new PemTrustOptions().addCertPath("tls/files/ca.pem"));
+    nonTlsOptions.setPemKeyCertOptions(new PemKeyCertOptions()
+      .setCertPath("tls/files/client-cert.pem")
+      .setKeyPath("tls/files/client-key.pem"));
+
+    MySQLConnection.connect(vertx, nonTlsOptions, ctx.asyncAssertSuccess(conn -> {
+      ctx.assertFalse(conn.isSSL());
+      conn.query("SELECT 1").execute(ctx.asyncAssertSuccess(res -> {
+        ctx.assertEquals(1, res.size());
+        conn.close();
+      }));
+    }));
+  }
+
   @Test
   public void testSuccessWithRequiredSslMode(TestContext ctx) {
     options.setSslMode(SslMode.REQUIRED);

vertx-mysql-client/src/test/java/io/vertx/mysqlclient/junit/MySQLRule.java

@@ -88,7 +88,7 @@ private void initServer() throws IOException {
       server.withClasspathResourceMapping("tls/files", "/etc/mysql/tls", BindMode.READ_ONLY);
     } else {
       server.withClasspathResourceMapping("tls/files", "/etc/mysql/tls", BindMode.READ_ONLY);
-      String cmd = "--max_allowed_packet=33554432 --max_prepared_stmt_count=1024 --local_infile=true --character-set-server=utf8mb4 --collation-server=utf8mb4_general_ci";
+      String cmd = "--disable-ssl --max_allowed_packet=33554432 --max_prepared_stmt_count=1024 --local_infile=true --character-set-server=utf8mb4 --collation-server=utf8mb4_general_ci";
       if (isUsingMySQL8()) {
         // introduced in MySQL 8.0.3
         cmd += " --caching-sha2-password-public-key-path=/etc/mysql/tls/public_key.pem --caching-sha2-password-private-key-path=/etc/mysql/tls/private_key.pem";