[feat] Update SSL option to connect securely by default

.gitignore

@@ -15,3 +15,6 @@
 
 .venv/
 venv/
+
+.myclirc
+uv.lock

changelog.md

@@ -3,7 +3,8 @@ Upcoming (TBD)
 
 Features
 --------
-* Update query processing functions to allow automatic show_warnings to work for more code paths like DDL
+* Update query processing functions to allow automatic show_warnings to work for more code paths like DDL.
+* Update the default SSL value to connect securely by default. Add a --no-ssl option to disable it.
 
 Bug Fixes
 --------

mycli/main.py

@@ -1343,7 +1343,9 @@ def get_last_query(self) -> str | None:
 @click.option("--ssh-key-filename", help="Private key filename (identify file) for the ssh connection.")
 @click.option("--ssh-config-path", help="Path to ssh configuration.", default=os.path.expanduser("~") + "/.ssh/config")
 @click.option("--ssh-config-host", help="Host to connect to ssh server reading from ssh configuration.")
-@click.option("--ssl", "ssl_enable", is_flag=True, help="Enable SSL for connection (automatically enabled with other flags).")
+@click.option(
+    "--ssl/--no-ssl", "ssl_enable", is_flag=True, default=True, help="Enable SSL for connection (automatically enabled with other flags)."
+)
 @click.option("--ssl-ca", help="CA file in PEM format.", type=click.Path(exists=True))
 @click.option("--ssl-capath", help="CA directory.")
 @click.option("--ssl-cert", help="X509 cert in PEM format.", type=click.Path(exists=True))

test/features/db_utils.py

@@ -1,5 +1,7 @@
 # type: ignore
 
+import ssl
+
 import pymysql
 
 
@@ -14,8 +16,11 @@ def create_db(hostname="localhost", port=3306, username=None, password=None, dbn
     :return:
 
     """
+    ctx = ssl.create_default_context()
+    ctx.check_hostname = False
+    ctx.verify_mode = ssl.VerifyMode.CERT_NONE
     cn = pymysql.connect(
-        host=hostname, port=port, user=username, password=password, charset="utf8mb4", cursorclass=pymysql.cursors.DictCursor
+        host=hostname, port=port, user=username, password=password, charset="utf8mb4", cursorclass=pymysql.cursors.DictCursor, ssl=ctx
     )
 
     with cn.cursor() as cr:
@@ -39,8 +44,18 @@ def create_cn(hostname, port, password, username, dbname):
     :return: psycopg2.connection
 
     """
+    ctx = ssl.create_default_context()
+    ctx.check_hostname = False
+    ctx.verify_mode = ssl.VerifyMode.CERT_NONE
     cn = pymysql.connect(
-        host=hostname, port=port, user=username, password=password, db=dbname, charset="utf8mb4", cursorclass=pymysql.cursors.DictCursor
+        host=hostname,
+        port=port,
+        user=username,
+        password=password,
+        db=dbname,
+        charset="utf8mb4",
+        cursorclass=pymysql.cursors.DictCursor,
+        ssl=ctx,
     )
 
     return cn
@@ -56,8 +71,18 @@ def drop_db(hostname="localhost", port=3306, username=None, password=None, dbnam
     :param dbname: string
 
     """
+    ctx = ssl.create_default_context()
+    ctx.check_hostname = False
+    ctx.verify_mode = ssl.VerifyMode.CERT_NONE
     cn = pymysql.connect(
-        host=hostname, port=port, user=username, password=password, db=dbname, charset="utf8mb4", cursorclass=pymysql.cursors.DictCursor
+        host=hostname,
+        port=port,
+        user=username,
+        password=password,
+        db=dbname,
+        charset="utf8mb4",
+        cursorclass=pymysql.cursors.DictCursor,
+        ssl=ctx,
     )
 
     with cn.cursor() as cr: