Skip to content

how to connect from a client machine with an ssl connection and don't have access to the cert and key #1014

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
stevenxuwoss opened this issue Nov 12, 2021 · 3 comments
Closed

how to connect from a client machine with an ssl connection and don't have access to the cert and key #1014

stevenxuwoss opened this issue Nov 12, 2021 · 3 comments

Comments

@stevenxuwoss
Copy link

Describe the bug
A clear and concise description of what the bug is.
don't have access to the cert and key, is there any way to simple add ssl=true ?
ssh

To Reproduce
Complete steps to reproduce the behavior:

Schema:

CREATE DATABASE ...
CREATE TABLE ...

Code:

import pymysql
con = pymysql.connect(...)

Expected behavior
A clear and concise description of what you expected to happen.

Environment

  • OS: [e.g. Windows, Linux]
  • Server and version: [e.g. MySQL 8.0.19, MariaDB]
  • PyMySQL version:

Additional context
Add any other context about the problem here.
@cakemanny
Copy link
Contributor

cakemanny commented Apr 15, 2022
edited
Loading

Assuming localhost, with self-signed certs, and server config

[mysqld]
bind-address = 127.0.0.1
mysqlx-bind-address = 127.0.0.1
require_secure_transport = ON

this works

import pymysql
import ssl

ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.VerifyMode.CERT_NONE

conn = pymysql.connect(user='root', host='127.0.0.1', ssl=ctx)

Obviously you can elide the disabling of verification if your certs are signed by a public CA.

Appending

cursor = conn.cursor()
cursor.execute("SHOW SESSION STATUS LIKE 'Ssl_cipher';")
for row in cursor:
    print(row)

gives the following when I tested

('Ssl_cipher', 'TLS_AES_256_GCM_SHA384')

This seems to me that the documentation for the ssl parameter needs updating

PyMySQL/pymysql/connections.py

Line 129 in eb108a6

:param ssl: A dict of arguments similar to mysql_ssl_set()'s parameters.

to make it more obvious this feature is available since 098a404 😄

I'd also been wondering about this for a number of months

@cakemanny
Copy link
Contributor

Ok. A shorter working example. Not sure if if violates some knowledge of the internals, but this works as at writing.

import pymysql
conn = pymysql.connect(user='root', host='127.0.0.1', ssl={"verify_mode": None})

or any non-empty dict really

@cakemanny
Copy link
Contributor

For the documenting of ssl taking an SSLContext, #1045 has been merged.
I forgot to mention this issue in there when opened that PR, 😅 , but hopefully that will help others in future.

@methane methane closed this as not planned Won't fix, can't repro, duplicate, stale May 19, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 20, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@methane @cakemanny @stevenxuwoss