diff --git a/MANIFEST b/MANIFEST
index fba58e0..7d625f8 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -70,6 +70,7 @@ t/88async-multi-stmts.t
t/89async-method-check.t
t/90no-async.t
t/91errcheck.t
+t/92ssl_connection.t
t/92ssl_optional.t
t/92ssl_backronym_vulnerability.t
t/92ssl_riddle_vulnerability.t
diff --git a/dbdimp.c b/dbdimp.c
index 4c510ca..608a433 100644
--- a/dbdimp.c
+++ b/dbdimp.c
@@ -2785,6 +2785,14 @@ SV* dbd_db_FETCH_attrib(SV *dbh, imp_dbh_t *imp_dbh, SV *keysv)
result= serverinfo ?
sv_2mortal(newSVpvn(serverinfo, strlen(serverinfo))) : &PL_sv_undef;
}
+#if ((MYSQL_VERSION_ID >= 50023 && MYSQL_VERSION_ID < 50100) || MYSQL_VERSION_ID >= 50111)
+ else if (kl == 10 && strEQ(key, "ssl_cipher"))
+ {
+ const char* ssl_cipher = mysql_get_ssl_cipher(imp_dbh->pmysql);
+ result= ssl_cipher ?
+ sv_2mortal(newSVpvn(ssl_cipher, strlen(ssl_cipher))) : &PL_sv_undef;
+ }
+#endif
else if (kl == 13 && strEQ(key, "serverversion"))
result= sv_2mortal(my_ulonglong2str(aTHX_ mysql_get_server_version(imp_dbh->pmysql)));
else if (strEQ(key, "sock"))
diff --git a/lib/DBD/mysql.pm b/lib/DBD/mysql.pm
index f49d408..26d8c53 100644
--- a/lib/DBD/mysql.pm
+++ b/lib/DBD/mysql.pm
@@ -1437,18 +1437,19 @@ handles (read only):
$errno = $dbh->{'mysql_errno'};
$error = $dbh->{'mysql_error'};
- $info = $dbh->{'mysql_hostinfo'};
+ $hostinfo = $dbh->{'mysql_hostinfo'};
$info = $dbh->{'mysql_info'};
$insertid = $dbh->{'mysql_insertid'};
- $info = $dbh->{'mysql_protoinfo'};
- $info = $dbh->{'mysql_serverinfo'};
- $info = $dbh->{'mysql_stat'};
- $threadId = $dbh->{'mysql_thread_id'};
+ $protoinfo = $dbh->{'mysql_protoinfo'};
+ $serverinfo = $dbh->{'mysql_serverinfo'};
+ $ssl_cipher = $dbh->{'mysql_ssl_cipher'};
+ $stat = $dbh->{'mysql_stat'};
+ $thread_id = $dbh->{'mysql_thread_id'};
These correspond to mysql_errno(), mysql_error(), mysql_get_host_info(),
mysql_info(), mysql_insert_id(), mysql_get_proto_info(),
-mysql_get_server_info(), mysql_stat() and mysql_thread_id(),
-respectively.
+mysql_get_server_info(), mysql_stat(), mysql_get_ssl_cipher()
+and mysql_thread_id() respectively.
=over 2
@@ -1473,6 +1474,19 @@ against:
50200
+=item mysql_ssl_cipher
+
+Returns the SSL encryption cipher used for the given connection to
+the server. In case SSL encryption was not enabled with C<mysql_ssl>
+or was not established returns undef.
+
+ my $ssl_cipher = $dbh->{mysql_ssl_cipher};
+ if (defined $ssl_cipher) {
+ print "Connection with server is encrypted with cipher: $ssl_cipher\n";
+ } else {
+ print "Connection with server is not encrypted\n";
+ }
+
=item mysql_dbd_stats
$info_hashref = $dhb->{mysql_dbd_stats};
diff --git a/t/92ssl_connection.t b/t/92ssl_connection.t
new file mode 100644
index 0000000..9819b3b
--- /dev/null
+++ b/t/92ssl_connection.t
@@ -0,0 +1,36 @@
+use strict;
+use warnings;
+
+use Test::More;
+use DBI;
+
+use vars qw($test_dsn $test_user $test_password);
+use lib 't', '.';
+require "lib.pl";
+
+my $dbh;
+eval {$dbh= DBI->connect($test_dsn, $test_user, $test_password,
+ { PrintError => 0, RaiseError => 1 });};
+if (!$dbh) {
+ plan skip_all => "no database connection";
+}
+
+my $have_ssl = eval { $dbh->selectrow_hashref("SHOW VARIABLES WHERE Variable_name = 'have_ssl'") };
+$dbh->disconnect();
+plan skip_all => 'Server does not support SSL connections' unless $have_ssl and $have_ssl->{Value} eq 'YES';
+
+plan tests => 4;
+
+$dbh = DBI->connect($test_dsn, $test_user, $test_password, { PrintError => 0, RaiseError => 0, mysql_ssl => 1, mysql_ssl_optional => 1 });
+ok(defined $dbh, 'DBD::mysql supports mysql_ssl=1 with mysql_ssl_optional=1 and connect to server') or diag('Error code: ' . ($DBI::err || 'none') . "\n" . 'Error message: ' . ($DBI::errstr || 'unknown'));
+
+ok(defined $dbh && defined $dbh->{mysql_ssl_cipher}, 'SSL connection was established') and diag("mysql_ssl_cipher is: ". $dbh->{mysql_ssl_cipher});
+
+$dbh = DBI->connect($test_dsn, $test_user, $test_password, { PrintError => 0, RaiseError => 0, mysql_ssl => 1 });
+if (defined $dbh) {
+ pass('DBD::mysql supports mysql_ssl=1 without mysql_ssl_optional=1 and connect to server');
+ ok(defined $dbh->{mysql_ssl_cipher}, 'SSL connection was established');
+} else {
+ is($DBI::errstr, 'SSL connection error: Enforcing SSL encryption is not supported', 'DBD::mysql supports mysql_ssl=1 without mysql_ssl_optional=1 and fail because cannot enforce SSL encryption') or diag('Error message: ' . ($DBI::errstr || 'unknown'));
+ is($DBI::err, 2026, 'DBD::mysql error code is SSL related') or diag('Error code: ' . ($DBI::err || 'unknown'));
+}