@@ -65,6 +65,11 @@ This may be needed if you deploy to a system where these libraries
6565are located somewhere different than on your build system.
6666This overrides any rpath calculated by default or by the options above.
6767
68+ * ` --with-openssl-dir[=/path/to/openssl] ` - Specify the directory where OpenSSL
69+ is installed. In most cases, the Ruby runtime and MySQL client libraries will
70+ link against a system-installed OpenSSL library and this option is not needed.
71+ Use this option when non-default library paths are needed.
72+
6873* ` --with-sanitize[=address,cfi,integer,memory,thread,undefined] ` -
6974Enable sanitizers for Clang / GCC. If no argument is given, try to enable
7075all sanitizers or fail if none are available. If a command-separated list of
@@ -89,13 +94,48 @@ the library file `libmysqlclient.so` but is missing the header file `mysql.h`
8994
9095### Mac OS X
9196
92- You may use MacPorts, Homebrew , or a native MySQL installer package. The most
97+ You may use Homebew, MacPorts , or a native MySQL installer package. The most
9398common paths will be automatically searched. If you want to select a specific
9499MySQL directory, use the ` --with-mysql-dir ` or ` --with-mysql-config ` options above.
95100
96101If you have not done so already, you will need to install the XCode select tools by running
97102` xcode-select --install ` .
98103
104+ Later versions of MacOS no longer distribute a linkable OpenSSL library. It is
105+ common to use Homebrew or MacPorts to install OpenSSL. Make sure that both the
106+ Ruby runtime and MySQL client libraries are compiled with the same OpenSSL
107+ family, 1.0 or 1.1 or 3.0, since only one can be loaded at runtime.
108+
109+ ``` sh
110+ $ brew install openssl@1.1
111+ $ gem install mysql2 -- --with-openssl-dir=$( brew --prefix openssl@1.1)
112+
113+ or
114+
115+ $ sudo port install openssl11
116+ ```
117+
118+ Since most Ruby projects use Bundler, you can set build options in the Bundler
119+ config rather than manually installing a global mysql2 gem. This example shows
120+ how to set build arguments with [ Bundler config] ( https://bundler.io/man/bundle-config.1.html ) :
121+
122+ ``` sh
123+ $ bundle config --local build.mysql2 -- --with-openssl-dir=$( brew --prefix openssl@1.1)
124+ ```
125+
126+ Another helpful trick is to use the same OpenSSL library that your Ruby was
127+ built with, if it was built with an alternate OpenSSL path. This example finds
128+ the argument ` --with-openssl-dir=/some/path ` from the Ruby build and adds that
129+ to the [ Bundler config] ( https://bundler.io/man/bundle-config.1.html ) :
130+
131+ ``` sh
132+ $ bundle config --local build.mysql2 -- $( ruby -r rbconfig -e ' puts RbConfig::CONFIG["configure_args"]' | xargs -n1 | grep with-openssl-dir)
133+ ```
134+
135+ Note the additional double dashes (` -- ` ) these separate command-line arguments
136+ that ` gem ` or ` bundler ` interpret from the addiitonal arguments that are passed
137+ to the mysql2 build process.
138+
99139### Windows
100140
101141Make sure that you have Ruby and the DevKit compilers installed. We recommend
@@ -205,7 +245,7 @@ result = statement.execute(1, "CA", :as => :array)
205245
206246Session Tracking information can be accessed with
207247
208- ``` ruby
248+ ``` ruby
209249c = Mysql2 ::Client .new (
210250 host: " 127.0.0.1"
211251 username: " root"
@@ -261,19 +301,13 @@ type of connection to make, with special interpretation you should be aware of:
261301* An IPv4 or IPv6 address will result in a TCP connection.
262302* Any other value will be looked up as a hostname for a TCP connection.
263303
264- ### SSL options
265-
266- Setting any of the following options will enable an SSL connection, but only if
267- your MySQL client library and server have been compiled with SSL support.
268- MySQL client library defaults will be used for any parameters that are left out
269- or set to nil. Relative paths are allowed, and may be required by managed
270- hosting providers such as Heroku.
271-
272- For MySQL versions 5.7.11 and higher, use ` :ssl_mode ` to prefer or require an
273- SSL connection and certificate validation. For earlier versions of MySQL, use
274- the ` :sslverify ` boolean. For details on each of the ` :ssl_mode ` options, see
275- [ https://dev.mysql.com/doc/refman/8.0/en/connection-options.html ] ( https://dev.mysql.com/doc/refman/8.0/en/connection-options.html#option_general_ssl-mode ) .
304+ ### SSL/TLS options
276305
306+ Setting any of the following options will enable an SSL/TLS connection, but
307+ only if your MySQL client library and server have been compiled with SSL
308+ support. MySQL client library defaults will be used for any parameters that are
309+ left out or set to nil. Relative paths are allowed, and may be required by
310+ managed hosting providers such as Heroku.
277311
278312``` ruby
279313Mysql2 ::Client .new (
@@ -284,10 +318,28 @@ Mysql2::Client.new(
284318 :sslcapath => ' /path/to/cacerts'
285319 :sslcipher => ' DHE-RSA-AES256-SHA'
286320 :sslverify => true , # Removed in MySQL 8.0
287- :ssl_mode = :disabled / :preferred / :required / :verify_ca / :verify_identity ,
321+ :ssl_mode => :disabled / :preferred / :required / :verify_ca / :verify_identity ,
288322 )
289323```
290324
325+ For MySQL versions 5.7.11 and higher, use ` :ssl_mode ` to prefer or require an
326+ SSL connection and certificate validation. For earlier versions of MySQL, use
327+ the ` :sslverify ` boolean. For details on each of the ` :ssl_mode ` options, see
328+ [ https://dev.mysql.com/doc/refman/8.0/en/connection-options.html ] ( https://dev.mysql.com/doc/refman/8.0/en/connection-options.html#option_general_ssl-mode ) .
329+
330+ The ` :ssl_mode ` option will also set the appropriate MariaDB connection flags:
331+
332+ | ` :ssl_mode ` | MariaDB option value |
333+ | --- | --- |
334+ | ` :disabled ` | MYSQL_OPT_SSL_ENFORCE = 0 |
335+ | ` :required ` | MYSQL_OPT_SSL_ENFORCE = 1 |
336+ | ` :verify_identity ` | MYSQL_OPT_SSL_VERIFY_SERVER_CERT = 1 |
337+
338+ MariaDB does not support the ` :preferred ` or ` :verify_ca ` options. For more
339+ information about SSL/TLS in MariaDB, see
340+ [ https://mariadb.com/kb/en/securing-connections-for-client-and-server/ ] ( https://mariadb.com/kb/en/securing-connections-for-client-and-server/ )
341+ and [ https://mariadb.com/kb/en/mysql_optionsv/#tls-options ] ( https://mariadb.com/kb/en/mysql_optionsv/#tls-options )
342+
291343### Secure auth
292344
293345Starting with MySQL 5.6.5, secure_auth is enabled by default on servers (it was disabled by default prior to this).
@@ -334,7 +386,7 @@ In this example, the compression flag is negated with `-COMPRESS`.
334386Active Record typically reads its configuration from a file named `database.yml` or an environment variable `DATABASE_URL`.
335387Use the value `mysql2` as the protocol name. For example :
336388
337- ` ` ` shell
389+ ` ` ` sh
338390DATABASE_URL=mysql2://sql_user:sql_pass@sql_host_name:port/sql_db_name?option1=value1&option2=value2
339391` ` `
340392
393445
394446Yields :
395447
396- ` ` ` ruby
448+ ` ` ` ruby
397449{"1"=>1}
398450{"2"=>2}
399451next_result: Unknown column 'A' in 'field list' (Mysql2::Error)
@@ -573,14 +625,16 @@ As for field values themselves, I'm workin on it - but expect that soon.
573625
574626This gem is tested with the following Ruby versions on Linux and Mac OS X :
575627
576- * Ruby MRI 2.0.0, 2.1.x, 2.2.x, 2.3.x, 2.4.x, 2.5.x, 2.6.x
628+ * Ruby MRI 2.0 through 2.7 (all versions to date)
629+ * Ruby MRI 3.0, 3.1, 3.2 (all versions to date)
577630* Rubinius 2.x and 3.x do work but may fail under some workloads
578631
579632This gem is tested with the following MySQL and MariaDB versions :
580633
581634* MySQL 5.5, 5.6, 5.7, 8.0
582- * MySQL Connector/C 6.0 and 6.1 (primarily on Windows)
583- * MariaDB 5.5, 10.0, 10.1, 10.2, 10.3
635+ * MySQL Connector/C 6.0, 6.1, 8.0 (primarily on Windows)
636+ * MariaDB 5.5, 10.x, with a focus on 10.6 LTS and 10.11 LTS
637+ * MariaDB Connector/C 2.x, 3.x
584638
585639# ## Ruby on Rails / Active Record
586640
0 commit comments