Initializer
init(url:)
MySQLConfiguration from an appropriately-formatted URL.init?(url: URL)
Parameters
urlA
URLcontaining MySQL connection parameters.
Return Value
nil if url is missing required information or has an invalid scheme.
Discussion
The supported URL formats are:
mysql://username:password@hostname:port/database?ssl-mode=mode
mysql+tcp://username:password@hostname:port/database?ssl-mode=mode
mysql+uds://username:password@localhost/path?ssl-mode=mode#database
The mysql+tcp scheme requests a connection over TCP. The mysql scheme is an alias for mysql+tcp. Only the hostname and username components are required.
The mysql+uds scheme requests a connection via a UNIX domain socket. The username and path components are required. The authority must always be empty or localhost, and may not specify a port.
The allowed mode values for ssl-mode are:
Value |
Behavior |
|---|---|
|
Don’t use TLS, even if the server supports it. |
|
Use TLS if possible. |
|
Enforce TLS support, including CA and hostname verification. |
ssl-mode values are case-insensitive. VERIFY_CA and VERIFY_IDENTITY are accepted as aliases of REQUIRED. tls-mode, tls, and ssl are recognized aliases of ssl-mode.
If no ssl-mode is specified, the default mode is REQUIRED for TCP connections, or DISABLED for UDS connections. If more than one mode is specified, the last one wins. Whenever a TLS connection is made, full certificate verification (both chain of trust and hostname match) is always enforced, regardless of the mode used.
Warning
At this time of this writing, PREFERRED is the same as REQUIRED, due to limitations of the underlying implementation. A future version will remove this restriction.
Note
It is possible to emulate libmysqlclient‘s definitions for REQUIRED (TLS enforced, but without certificate verification) and VERIFY_CA (TLS enforced with no hostname verification) by manually specifying the TLS configuration instead of using a URL. It is strongly recommended for both security and privacy reasons to always leave full certificate verification enabled whenever possible. See NIOSSL’s TLSConfiguration for additional information and recommendations.