[#34] Checkpoint: more PgSQL/CQL and hook

doc/devel/unit-tests.dox

@@ -64,6 +64,11 @@ The following environment variable can affect the unit tests:
   expected are by default silent. If set, these unit tests display real
   and expected logs.
 
+- KEA_MYSQL_HAVE_SSL - Specifies the SSL/TLS support status of MySQL.
+  When not set the corresponding MySQL global variable is read and
+  the environment of the unit test process is updated so usually this
+  variable is manually set only in order to enforce a particular status.
+
 - KEA_PIDFILE_DIR - Specifies the directory which should be used for PID files
   as used by dhcp::Daemon or its derivatives. If not specified, the
   default is <i>prefix</i>/var/run/kea, where <i>prefix</i> defaults to
@@ -169,12 +174,15 @@ anything e.g. `DEBUG=true`. `unset DEBUG` to remove this behavior.
   @verbatim
   mysql> CREATE USER 'keatest'@'localhost' IDENTIFIED BY 'keatest';
   mysql> CREATE USER 'keatest_readonly'@'localhost' IDENTIFIED BY 'keatest';
+  mysql> CREATE USER 'keatest_secure'@'localhost' IDENTIFIED BY 'keatest';
+  mysql> ALTER USER 'keatest_secure'@'localhost' REQUIRE X509;
   mysql>@endverbatim\n
   -# Grant the created users permissions to access the <i>keatest</i> database
   (again, the apostrophes around the user names and <i>localhost</i>
   are required):
   @verbatim
   mysql> GRANT ALL ON keatest.* TO 'keatest'@'localhost';
+  mysql> GRANT ALL ON keatest.* TO 'keatest_secure'@'localhost';
   mysql> GRANT SELECT ON keatest.* TO 'keatest_readonly'@'localhost';
   mysql>@endverbatim\n
   -# If you get <i>You do not have the SUPER privilege and binary logging is
@@ -193,6 +201,49 @@ anything e.g. `DEBUG=true`. `unset DEBUG` to remove this behavior.
   section in the <a href="https://kea.readthedocs.io/">Kea Administrator
   Reference Manual</a>).
 
+ @subsection mysqlUnitTestsILS MySQL Database with SSL/TLS
+
+  Usually MySQL is compiled with SSL/TLS support using OpenSSL.
+  This is easy to verify using the:
+
+@verbatim
+mysql> SHOW GLOBAL VARIABLES LIKE 'have_ssl';
+@endverbatim
+
+  The variable is documented to have three possible values:
+
+- DISABLED: compiled with TLS support but it was not configured
+
+- YES: compiled with configured TLS support
+
+- NO: not compiled with TLS support
+
+The value of this MySQL global variable is reflected by the
+KEA_MYSQL_HAVE_SSL environment variable.
+
+The keatest_secure user requires X509 so a client certificate. Of course
+in production a stricter requirement should be used, in particular when
+a client certificate should be bound to a particular user.
+
+MySQL unit tests reuse the asiolink library setup. This .my.cnf
+configuration file works with MariaDB 10.6.4:
+
+@verbatim
+[mysqld]
+ssl_cert=<kea-sources>/src/lib/asiolink/testutils/ca/kea-server.crt
+ssl_keyt=<kea-sources>/src/lib/asiolink/testutils/ca/kea-server.key
+ssl_ca=<kea-sources>/src/lib/asiolink/testutils/ca/kea-ca.crt
+
+[client-mariadb]
+ssl_cert=<kea-sources>/src/lib/asiolink/testutils/ca/kea-client.crt
+ssl_keyt=<kea-sources>/src/lib/asiolink/testutils/ca/kea-client.key
+ssl_ca=<kea-sources>/src/lib/asiolink/testutils/ca/kea-ca.crt
+ssl-verify-server-cert
+@endverbatim
+
+The last statement requires mutual authentication named two way in the
+MariaDB documentation.
+
  @subsection pgsqlUnitTestsPrerequisites PostgreSQL Database
 
   PostgreSQL set up differs from system to system. Please consult your