ssl support

[4tochka]

Added ssl support for connection

using external parameter ssl context to wrap connection
steps:

1. wait once mysql handshake started using no ssl connection
2. set ssl upgrade bit and send reply to server
3. detach protocol and transport from socket
4. start new protocol and transport using ssl context
5. do ssl handshake

[codecov-io]

Codecov Report

Merging #156 into master will decrease coverage by 0.98%.
The diff coverage is 20%.

@@            Coverage Diff             @@
##           master     #156      +/-   ##
==========================================
- Coverage   92.01%   91.03%   -0.99%     
==========================================
  Files          12       12              
  Lines        1804     1829      +25     
  Branches      254      258       +4     
==========================================
+ Hits         1660     1665       +5     
- Misses         89      107      +18     
- Partials       55       57       +2

Impacted Files	Coverage Δ
aiomysql/connection.py	85.82% <20%> (-2.58%)	❌

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 4eb7e66...0093aee. Read the comment docs.

[jettify]

Contribution in this area very appreciated! We need to figure out how to test SSL on CI, do we need specially configured MySQL?

[jettify]

sock = self._writer.transport.get_extra_info('socket', default=None) is beter, since _transport._sock private attributes

[jettify]

can we just self._writer._transport.close() ?

[4tochka]

If we just close transport asyncio close socket

[jettify]

go it, but not sure we need wot close transport...

[jettify]

Is it possible to pass ssl context in https://github.com/aio-libs/aiomysql/pull/156/files#diff-b4987acea49665e9f985c0da9f5604f4R487 without upgrading socket ourself and let asyncio to handle this?

[jettify]

it may be less robust but code simpler

[jettify]

could you clarify why we need this line? _call_connection_los is private... and may not work for other loop implementations.

[4tochka]

I do this to replace asyncio method behavior, to not close socket after close transport

[4tochka]

example of connection

    cert = '/Users/bitaps/.mysql/merchant/client-cert.pem'
    key = '/Users/bitaps/.mysql/merchant/client-key.pem'
    ca = "/Users/bitaps/.mysql/merchant/ca.pem"


    sslcontext = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
    sslcontext.load_cert_chain(cert, key)
    sslcontext.verify_mode = ssl.CERT_REQUIRED
    sslcontext.check_hostname = False
    sslcontext.load_verify_locations(cafile=ca)
    conn = await aiomysql.connect(db="sys",
                    user="root",
                    password="******",
                    host="18*******204",
                    port=3306, sslcontext = sslcontext)
    cur = await conn.cursor()
    while True:
        await cur.execute("SHOW STATUS LIKE 'Ssl_cipher'")
        r = await cur.fetchone()
        print(r)

[jettify]

loop=self._loop should be passed explicitly.

[terrisgit]

I merged aiomysql 0.0.12 with this PR (resolved the conflicts in connection.py which is here- https://github.com/terrisgit/aiomysql/blob/master/aiomysql/connection.py) and everything is working great. However, #225 also supports AWS db auth tokens which also require SSL. Therefore, I think this PR should be denied unless the SSL implementation is better than #225 's in which case the two should be reconciled.

[jettify]

see #280

[jettify]

Thanks a lot for contribution, but other PR was finished first.