Skip to content

Initializer

init(url:)

Create a MySQLConfiguration from an appropriately-formatted URL.
init?(url: URL)

Parameters

url

A URL containing MySQL connection parameters.

Return Value

nil if url is missing required information or has an invalid scheme.

Discussion

The supported URL formats are:

mysql://username:password@hostname:port/database?ssl-mode=mode
mysql+tcp://username:password@hostname:port/database?ssl-mode=mode
mysql+uds://username:password@localhost/path?ssl-mode=mode#database

The mysql+tcp scheme requests a connection over TCP. The mysql scheme is an alias for mysql+tcp. Only the hostname and username components are required.

The mysql+uds scheme requests a connection via a UNIX domain socket. The username and path components are required. The authority must always be empty or localhost, and may not specify a port.

The allowed mode values for ssl-mode are:

Value

Behavior

DISABLED

Don’t use TLS, even if the server supports it.

PREFERRED

Use TLS if possible.

REQUIRED

Enforce TLS support, including CA and hostname verification.

ssl-mode values are case-insensitive. VERIFY_CA and VERIFY_IDENTITY are accepted as aliases of REQUIRED. tls-mode, tls, and ssl are recognized aliases of ssl-mode.

If no ssl-mode is specified, the default mode is REQUIRED for TCP connections, or DISABLED for UDS connections. If more than one mode is specified, the last one wins. Whenever a TLS connection is made, full certificate verification (both chain of trust and hostname match) is always enforced, regardless of the mode used.

Warning

At this time of this writing, PREFERRED is the same as REQUIRED, due to limitations of the underlying implementation. A future version will remove this restriction.

Note

It is possible to emulate libmysqlclient‘s definitions for REQUIRED (TLS enforced, but without certificate verification) and VERIFY_CA (TLS enforced with no hostname verification) by manually specifying the TLS configuration instead of using a URL. It is strongly recommended for both security and privacy reasons to always leave full certificate verification enabled whenever possible. See NIOSSL’s TLSConfiguration for additional information and recommendations.