fix: MySQL 5.7 SSL error with auto-detected client

[AaronFeledy]

Problem

When db_client: auto detects MySQL 5.7, it installs the MySQL 8.0 client. The 8.0 client enforces SSL verification by default, but MySQL 5.7 uses self-signed certificates, causing:

ERROR 2026 (HY000): TLS/SSL error: self-signed certificate in certificate chain

Reported in lando/lando#3833 by @yorkshire-pudding.

Test

Added examples/db-client-mysql57 to reproduce the failure — PHP 8.4 + MySQL 5.7 with auto-detected client, verifying mysql/mysqldump connectivity.

Fix

TBD — likely adding ssl-mode=PREFERRED to the MySQL client config in mysql-client-install.sh.

---

Note

Medium Risk
Changes default MySQL client SSL behavior globally and adjusts DB service type parsing, which could affect connectivity/security expectations across projects if assumptions differ.

Overview
Fixes MySQL 5.7 connection failures when db_client: auto installs a MySQL 8.x client by writing ssl-mode=PREFERRED into the generated MySQL client config (scripts/mysql-client-install.sh) so self-signed chains don’t hard-fail.

Improves database type/version auto-detection in builders/php.js to recognize mysql/mariadb service types with or without explicit versions (and recipe-prefixed variants), applying sensible default versions when omitted.

Adds a new examples/db-client-mysql57 leia test (and wires it into the PR workflow matrix) to reproduce/guard against the MySQL 5.7 SSL error scenario using an Apache appserver and services.run mysql commands.

^{Written by Cursor Bugbot for commit b9d18d6. This will update automatically on new commits. Configure here.}

[netlify]

✅ Deploy Preview for lando-php ready!

Name	Link
🔨 Latest commit	b9d18d6
🔍 Latest deploy log	https://app.netlify.com/projects/lando-php/deploys/6997d30bffbb530007e560f3
😎 Deploy Preview	https://deploy-preview-224--lando-php.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.
Lighthouse	1 paths audited Performance: 79 (🔴 down 15 from production) Accessibility: 98 (no change from production) Best Practices: 100 (no change from production) SEO: 100 (no change from production) PWA: - View the detailed breakdown and full score reports

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is ON. A Cloud Agent has been kicked off to fix the reported issue.}

[cursor]

Bugbot Autofix prepared fixes for 1 of the 1 bugs found in the latest run.

• ✅ Fixed: SSL disabled globally, not just for MySQL 5.7
  • Removed ssl-mode=DISABLED to allow MySQL client to use default PREFERRED mode, which supports both self-signed certificates and servers requiring SSL.

Or push these changes by commenting:

@cursor push f8c39f0257

Preview (f8c39f0257)

diff --git a/scripts/mysql-client-install.sh b/scripts/mysql-client-install.sh
--- a/scripts/mysql-client-install.sh
+++ b/scripts/mysql-client-install.sh
@@ -50,15 +50,10 @@
 cat > /etc/mysql/conf.d/lando.cnf << 'MYCNF'
 [client]
 default-character-set=utf8mb4
-# Disable SSL verification for local dev — containers on the same Docker
-# network don't need encrypted connections, and older MySQL versions
-# (e.g. 5.7) use self-signed certs that cause verification failures
-ssl-mode=DISABLED
 
 [mysqldump]
 # Prevent column-statistics errors with newer mysqldump
 skip-column-statistics
-ssl-mode=DISABLED
 MYCNF
 
 if ! mysql --version 2>/dev/null; then