Skip to content

Comments

Add SSL/TLS version to status output#1592

Merged
rolandwalker merged 1 commit intomainfrom
RW/show-ssl-version-in-status
Feb 21, 2026
Merged

Add SSL/TLS version to status output#1592
rolandwalker merged 1 commit intomainfrom
RW/show-ssl-version-in-status

Conversation

@rolandwalker
Copy link
Contributor

@rolandwalker rolandwalker commented Feb 20, 2026

Description

last image

Checklist

  • I added this contribution to the changelog.md file.
  • I added my name to the AUTHORS file (or it's already there).
  • To lint and format the code, I ran 
    uv run ruff check && uv run ruff format && uv run mypy --install-types .

@rolandwalker rolandwalker self-assigned this Feb 20, 2026
@github-actions
Copy link

github-actions bot commented Feb 20, 2026

Findings (by severity)

  1. Correctness: global SSL version cache can return wrong values across connections.
    get_ssl_version caches a single value in CACHED_SSL_VERSION for the entire process, but status is per-connection. If the first call is against a non-SSL session (or a server that doesn’t expose Ssl_version), subsequent calls for other connections will always show None, even if they are SSL-enabled. This is a regression for multi-connection workflows or reconnects.
    Path: mycli/packages/special/utils.py
    Action: remove the cache, or key the cache by connection identity (e.g., cur.connection.thread_id() plus host/port), and allow recalc when the connection changes.

  2. Correctness: cache “no row” sentinel permanently hides SSL version on other servers.
    When no row is returned, the cache is set to '', so future calls never requery. If you connect to an older server first and then to a newer one, you’ll never display the SSL version.
    Path: mycli/packages/special/utils.py
    Action: same as above—avoid global cache or tie it to the connection.

Missing tests / edge cases

  • Add tests for get_ssl_version / status output:
    • SSL-enabled session returns a version.
    • Non-SSL / no-row returns None (or desired placeholder).
    • Ensure values don’t leak across separate connection instances.
      Suggested location: test/test_dbspecial.py or a new test alongside existing special/dbcommands tests.

Notes

  • I didn’t run tests locally. If you want, I can add the tests and adjust the caching logic.

Possible next steps

  1. Remove or scope the SSL version cache per connection.
  2. Add unit tests for SSL version reporting (including cross-connection behavior).

@rolandwalker rolandwalker force-pushed the RW/show-ssl-version-in-status branch from f421719 to ffaa03b Compare February 20, 2026 21:55
scottnemes
scottnemes approved these changes Feb 20, 2026
View reviewed changes
Copy link
Contributor

@scottnemes scottnemes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Verified SSL version is shown when connected via SSL, and that <null> is shown when connected without SSL.

@rolandwalker rolandwalker merged commit 19a7bfc into main Feb 21, 2026
8 checks passed
@rolandwalker rolandwalker deleted the RW/show-ssl-version-in-status branch February 21, 2026 10:50
@rolandwalker rolandwalker mentioned this pull request Feb 21, 2026
Open
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@scottnemes scottnemes scottnemes approved these changes

@amjith amjith Awaiting requested review from amjith

Assignees

@rolandwalker rolandwalker

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rolandwalker @scottnemes