Finally make non-TLS connections work with modern MySQL (#114)

* Bump the package to Swift 5.10. Lots of non-functional changes to make Concurrency warnings go away. CI updates. README and docs updates.

* _CryptoExtras has had RSA for a long time now. Use it.

* It would be nice if Xcode would actually tell me about these errors

* Add CI that tests using non-TLS connections

* Quick and dirty retry loop

* MySQLCommand doesn't actually need to be Sendable, we can just silence the compiler since we already use it safely

Author: gwynne

.github/contributing.md

@@ -7,7 +7,6 @@ on:
   push: { branches: [ main ] }
 env:
   LOG_LEVEL: info
-  SWIFT_DETERMINISTIC_HASHING: 1
   MYSQL_DATABASE: 'test_database'
   MYSQL_DATABASE_A: 'test_database'
   MYSQL_DATABASE_B: 'test_database'
@@ -25,7 +24,7 @@ jobs:
   api-breakage:
     if: ${{ !(github.event.pull_request.draft || false) }}
     runs-on: ubuntu-latest
-    container: swift:jammy
+    container: swift:noble
     steps:
       - name: Check out code
         uses: actions/checkout@v5
@@ -35,6 +34,44 @@ jobs:
           git config --global --add safe.directory "${GITHUB_WORKSPACE}"
           swift package diagnose-api-breaking-changes origin/main
 
+  linux-insecure-test:
+    if: ${{ !(github.event.pull_request.draft || false) }}
+    strategy:
+      fail-fast: false
+      matrix:
+        dbimage:
+          - mysql:9.4
+        swiftver:
+          - swift:6.1-noble
+    runs-on: ubuntu-latest
+    container:
+      image: ${{ matrix.swiftver }}
+      volumes: [ 'mysqlshare:/var/run/mysqld' ]
+    services:
+      mysql-a:
+        image: ${{ matrix.dbimage }}
+        volumes: [ 'mysqlshare:/var/run/mysqld' ]
+        env: { MYSQL_ALLOW_EMPTY_PASSWORD: true, MYSQL_USER: test_username, MYSQL_PASSWORD: test_password, MYSQL_DATABASE: test_database }
+    steps:
+      - name: Force MySQL server to disallow TLS
+        shell: bash
+        run: |
+          apt-get update && apt-get install -y 'mysql-client-core-*' curl
+          i=0; while ((i<10)); do
+            { mysql -BS/var/run/mysqld/mysqld.sock <<<"SET PERSIST ssl_ca='',ssl_cert='',ssl_key='';ALTER INSTANCE RELOAD TLS NO ROLLBACK ON ERROR;" ; } && break
+            sleep 2
+            i=$((i+1))
+          done
+          ((i<10))
+      - name: Check out package
+        uses: actions/checkout@v5
+      - name: Run unit tests
+        run: swift test --enable-code-coverage
+      - name: Upload code coverage
+        uses: vapor/[email protected]
+        with:
+          codecov_token: ${{ secrets.CODECOV_TOKEN }}
+  
   linux-all:
     if: ${{ !(github.event.pull_request.draft || false) }}
     strategy:
@@ -49,8 +86,10 @@ jobs:
           - percona:8
         swiftver:
           - swift:5.10-jammy
-          - swift:6.0-jammy
-          - swift:6.1-jammy
+          - swift:6.0-noble
+          - swift:6.1-noble
+          - swiftlang/swift:nightly-6.2-noble
+          - swiftlang/swift:nightly-main-noble
     runs-on: ubuntu-latest
     container: ${{ matrix.swiftver }}
     services:
@@ -67,7 +106,7 @@ jobs:
         uses: actions/checkout@v5
         with: { path: 'mysql-nio' }
       - name: Run unit tests
-        run: swift test --package-path mysql-nio --enable-code-coverage --sanitize=thread
+        run: swift test --package-path mysql-nio --enable-code-coverage
       - name: Upload code coverage
         uses: vapor/[email protected]
         with:
@@ -125,7 +164,7 @@ jobs:
       - name: Check out code
         uses: actions/checkout@v5
       - name: Run all tests
-        run: swift test --sanitize=thread --enable-code-coverage
+        run: swift test --enable-code-coverage
       - name: Upload code coverage
         uses: vapor/[email protected]
         with:

.github/workflows/test.yml

@@ -1,4 +1,4 @@
-// swift-tools-version:5.7
+// swift-tools-version:5.10
 import PackageDescription
 
 let package = Package(
@@ -13,20 +13,40 @@ let package = Package(
         .library(name: "MySQLNIO", targets: ["MySQLNIO"]),
     ],
     dependencies: [
+        .package(url: "https://github.com/apple/swift-algorithms.git", from: "1.0.0"),
         .package(url: "https://github.com/apple/swift-crypto.git", "1.0.0" ..< "4.0.0"),
         .package(url: "https://github.com/apple/swift-log.git", from: "1.0.0"),
         .package(url: "https://github.com/apple/swift-nio.git", from: "2.0.0"),
         .package(url: "https://github.com/apple/swift-nio-ssl.git", from: "2.14.0"),
     ],
     targets: [
-        .target(name: "MySQLNIO", dependencies: [
-            .product(name: "Crypto", package: "swift-crypto"),
-            .product(name: "Logging", package: "swift-log"),
-            .product(name: "NIO", package: "swift-nio"),
-            .product(name: "NIOSSL", package: "swift-nio-ssl"),
-        ]),
-        .testTarget(name: "MySQLNIOTests", dependencies: [
-            .target(name: "MySQLNIO"),
-        ]),
+        .target(
+            name: "MySQLNIO",
+            dependencies: [
+                .product(name: "Algorithms", package: "swift-algorithms"),
+                .product(name: "_CryptoExtras", package: "swift-crypto"),
+                .product(name: "Crypto", package: "swift-crypto"),
+                .product(name: "Logging", package: "swift-log"),
+                .product(name: "NIO", package: "swift-nio"),
+                .product(name: "NIOSSL", package: "swift-nio-ssl"),
+            ],
+            swiftSettings: swiftSettings
+        ),
+        .testTarget(
+            name: "MySQLNIOTests",
+            dependencies: [
+                .target(name: "MySQLNIO"),
+            ],
+            swiftSettings: swiftSettings
+        ),
     ]
 )
+
+var swiftSettings: [SwiftSetting] { [
+    .enableUpcomingFeature("ExistentialAny"),
+    .enableUpcomingFeature("ConciseMagicFile"),
+    .enableUpcomingFeature("ForwardTrailingClosures"),
+    .enableUpcomingFeature("DisableOutwardActorInference"),
+    .enableUpcomingFeature("MemberImportVisibility"),
+    .enableExperimentalFeature("StrictConcurrency=complete"),
+] }

Package.swift

@@ -1,17 +1,13 @@
 <p align="center">
-<picture>
-  <source media="(prefers-color-scheme: dark)" srcset="https://github.com/vapor/mysql-nio/assets/1130717/8ef2ef8b-070d-4026-a425-8e25159ca398">
-  <source media="(prefers-color-scheme: light)" srcset="https://github.com/vapor/mysql-nio/assets/1130717/595fbebd-8762-4a32-b990-3abde04a411c">
-  <img src="https://github.com/vapor/mysql-nio/assets/1130717/595fbebd-8762-4a32-b990-3abde04a411c" height="96" alt="MySQLNIO">
-</picture> 
+<img src="https://design.vapor.codes/images/vapor-mysqlnio.svg" height="96" alt="MySQLNIO">
 <br>
 <br>
 <a href="https://docs.vapor.codes/4.0/"><img src="https://design.vapor.codes/images/readthedocs.svg" alt="Documentation"></a>
 <a href="https://discord.gg/vapor"><img src="https://design.vapor.codes/images/discordchat.svg" alt="Team Chat"></a>
 <a href="LICENSE"><img src="https://design.vapor.codes/images/mitlicense.svg" alt="MIT License"></a>
 <a href="https://github.com/vapor/mysql-nio/actions/workflows/test.yml"><img src="https://img.shields.io/github/actions/workflow/status/vapor/mysql-nio/test.yml?event=push&style=plastic&logo=github&label=test&logoColor=%23ccc" alt="Continuous Integration"></a>
 <a href="https://codecov.io/github/vapor/mysql-nio"><img src="https://img.shields.io/codecov/c/github/vapor/mysql-nio?style=plastic&logo=codecov&label=Codecov"></a>
-<a href="https://swift.org"><img src="https://design.vapor.codes/images/swift57up.svg" alt="Swift 5.7+"></a>
+<a href="https://swift.org"><img src="https://design.vapor.codes/images/swift510up.svg" alt="Swift 5.10+"></a>
 </p>
 
 <br>
@@ -95,8 +91,6 @@ let conn = try await MySQLConnection(
 ).get()
 ```
 
-Note: These examples will make use of `wait()` for simplicity. This is appropriate if you are using MySQLNIO on the main thread, like for a CLI tool or in tests. However, you should never use `wait()` on an event loop.
-
 There are a few ways to create a `SocketAddress`:
 
 - `init(ipAddress: String, port: Int)`
@@ -108,7 +102,7 @@ There are also some additional arguments you can supply to `connect`.
 - `tlsConfiguration` An optional `TLSConfiguration` struct. This will be used if the MySQL server supports TLS. Pass `nil` to opt-out of TLS.
 - `serverHostname` An optional `String` to use in conjunction with `tlsConfiguration` to specify the server's hostname. 
 
-`connect` will return a future `MySQLConnection`, or an error if it could not connect.
+`connect` will return a `MySQLConnection`, or an error if it could not connect.
 
 ### Database Protocol