Add support for 'prefer' TLS mode and make it default

CONTRIBUTING.md

@@ -76,7 +76,7 @@ were args are one of the following:
 | Query Argument | Description | Values |
 |----------------|-------------|--------|
 | use_prepared_statements    | whether to use client-side query interpolation or server-side argument binding | <li>true = (default) use server-side bindings </li><li>false = user client side interpolation</li> |
-| tlsmode            | the ssl policy for this connection | <li>none = don't use SSL for this connection</li><li>server = server must support SSL, but skip verification (INSECURE!)</li><li>server-prefer (default) = checks for SSL/TLS server support; if unsupported, SSL/TLS is not used for this connection. </li><li>server-strict = server must support SSL</li><li>custom = use custom TLS config (Need to generate certs with `resources/tests/genCerts.sh` in advance) </li> |
+| tlsmode            | the ssl policy for this connection | <li>none = don't use SSL for this connection</li><li>server = server must support SSL, but skip verification (INSECURE!)</li><li>prefer (default) = checks for SSL/TLS server support; if unsupported, SSL/TLS is not used for this connection. </li><li>server-strict = server must support SSL</li><li>custom = use custom TLS config (Need to generate certs with `resources/tests/genCerts.sh` in advance) </li> |
 | locator        | host and port of the Vertica connection | (default) localhost:5433 |
 | user           | Vertica user name | (default) dbadmin |
 | password       | Vertica password for the connecting user | (default) (empty) |

README.md

@@ -96,7 +96,7 @@ Currently supported query arguments are:
 |----------------|-------------|--------|
 | use_prepared_statements    | Whether to use client-side query interpolation or server-side argument binding. | 1 = (default) use server-side bindings <br>0 = user client side interpolation **(LESS SECURE)** |
 | connection_load_balance    | Whether to enable connection load balancing on the client side. | 0 = (default) disable load balancing <br>1 = enable load balancing |
-| tlsmode            | The ssl/tls policy for this connection. | <li>'none' = don't use SSL/TLS for this connection</li><li>'server' = server must support SSL/TLS, but skip verification **(INSECURE!)**</li><li>'server-prefer' (default) = checks for SSL/TLS server support; if unsupported, SSL/TLS is not used for this connection. </li><li>'server-strict' = server must support SSL/TLS</li><li>{customName} = use custom registered `tls.Config` (see "Using custom TLS config" section below)</li> |
+| tlsmode            | The ssl/tls policy for this connection. | <li>'none' = don't use SSL/TLS for this connection</li><li>'server' = server must support SSL/TLS, but skip verification **(INSECURE!)**</li><li>'prefer' (default) = checks for SSL/TLS server support; if unsupported, SSL/TLS is not used for this connection. </li><li>'server-strict' = server must support SSL/TLS</li><li>{customName} = use custom registered `tls.Config` (see "Using custom TLS config" section below)</li> |
 | backup_server_node    | A list of backup hosts for the client to try to connect if the primary host is unreachable. | a comma-seperated list of backup host-port pairs. E.g.<br> 'host1:port1,host2:port2,host3:port3'  |
 | client_label   | Sets a label for the connection on the server. This value appears in the `client_label` column of the SESSIONS system table. | (default) vertica-sql-go-{version}-{pid}-{timestamp} |
 | autocommit     | Controls whether the connection automatically commits transactions. | 1 = (default) on <br>0 = off|

connection.go

@@ -59,7 +59,7 @@ var (
 
 const (
 	tlsModeServer       = "server"
-	tlsModeServerPrefer = "server-prefer"
+	tlsModePrefer 		= "prefer"
 	tlsModeServerStrict = "server-strict"
 	tlsModeNone         = "none"
 )
@@ -86,9 +86,9 @@ func (t *_tlsConfigs) get(name string) (*tls.Config, bool) {
 var tlsConfigs = &_tlsConfigs{m: make(map[string]*tls.Config)}
 
 // db, err := sql.Open("vertica", "user@tcp(localhost:3306)/test?tlsmode=custom")
-// reserved modes: 'server', 'server-prefer', 'server-strict' or 'none'
+// reserved modes: 'server', 'prefer', 'server-strict' or 'none'
 func RegisterTLSConfig(name string, config *tls.Config) error {
-	if name == tlsModeServer || name == tlsModeServerPrefer || name == tlsModeServerStrict || name == tlsModeNone {
+	if name == tlsModeServer || name == tlsModePrefer || name == tlsModeServerStrict || name == tlsModeNone {
 		return fmt.Errorf("config name '%s' is reserved therefore cannot be used", name)
 	}
 	return tlsConfigs.add(name, config)
@@ -259,8 +259,8 @@ func newConnection(connString string) (*connection, error) {
 	// Read SSL/TLS flag.
 	sslFlag := strings.ToLower(result.connURL.Query().Get("tlsmode"))
 	if sslFlag == "" {
-		// Set default to tlsModeServerPrefer
-		sslFlag = tlsModeServerPrefer
+		// Set default to tlsModePrefer
+		sslFlag = tlsModeNone
 	}
 
 	// Read Workload flag
@@ -678,8 +678,8 @@ func (v *connection) initializeSSL(sslFlag string) error {
 	case tlsModeServer:
 		connectionLogger.Info("enabling SSL/TLS server mode")
 		v.conn = tls.Client(v.conn, &tls.Config{InsecureSkipVerify: true})
-	case tlsModeServerPrefer:
-		connectionLogger.Info("enabling SSL/TLS server prefer mode")
+	case tlsModePrefer:
+		connectionLogger.Info("enabling SSL/TLS prefer mode")
 		v.conn = tls.Client(v.conn, &tls.Config{ServerName: v.connURL.Hostname(), InsecureSkipVerify: true})
 	case tlsModeServerStrict:
 		connectionLogger.Info("enabling SSL/TLS server strict mode")

driver_test.go

@@ -201,7 +201,7 @@ func TestTLSConfiguration(t *testing.T) {
 		switch *tlsMode {
 		case "none":
 			assertEqual(t, sslState, "None")
-		case "server", "server-prefer", "server-strict":
+		case "server", "prefer", "server-strict":
 			assertEqual(t, sslState, "Server")
 		case "custom":
 			assertEqual(t, sslState, "Mutual")
@@ -1227,7 +1227,7 @@ func TestClientOSHostnameProperty(t *testing.T) {
 var verticaUserName = flag.String("user", "dbadmin", "the user name to connect to Vertica")
 var verticaPassword = flag.String("password", os.Getenv("VERTICA_TEST_PASSWORD"), "Vertica password for this user")
 var verticaHostPort = flag.String("locator", "localhost:5433", "Vertica's host and port")
-var tlsMode = flag.String("tlsmode", "none", "SSL/TLS mode (none, server, server-prefer, server-strict, custom)")
+var tlsMode = flag.String("tlsmode", "none", "SSL/TLS mode (none, server, prefer, server-strict, custom)")
 var usePreparedStmts = flag.Bool("use_prepared_statements", true, "whether to use prepared statements for all queries/executes")
 var oauthAccessToken = flag.String("oauth_access_token", os.Getenv("VERTICA_TEST_OAUTH_ACCESS_TOKEN"), "the OAuth Access Token to connect to Vertica")