[pypy-issue] Issue #2128: PyPY breaks SSL connections in MySQLdb 1.2.25 (pypy/pypy)
Adam McKenna
issues-reply at bitbucket.org
Sat Aug 29 21:31:24 CEST 2015
New issue 2128: PyPY breaks SSL connections in MySQLdb 1.2.25
https://bitbucket.org/pypy/pypy/issues/2128/pypy-breaks-ssl-connections-in-mysqldb
Adam McKenna:
With PyPy:
# pypy -m pip freeze|grep -i mysql
MySQL-python==1.2.5
Python 2.7.9 (295ee98b6928, May 31 2015, 07:29:04)
[PyPy 2.6.0 with GCC 4.8.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>>> import MySQLdb
>>>> ssl = {'cert': '/etc/mysql/ssl/client-cert.pem', 'key': '/etc/mysql/ssl/client-key.pem'}
>>>> dbh = MySQLdb.connect(host='db',user='mysql_test',passwd='hello',ssl=ssl)
SSL error: Unable to get certificate from ''
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/local/pypy-2.6.0-linux64/site-packages/MySQLdb/__init__.py", line 81, in Connect
return Connection(*args, **kwargs)
File "/usr/local/pypy-2.6.0-linux64/site-packages/MySQLdb/connections.py", line 193, in __init__
super(Connection, self).__init__(*args, **kwargs2)
OperationalError: (2026, 'SSL connection error: Unable to get certificate')
With regular python 2.7.9:
Python 2.7.9 (default, Mar 1 2015, 12:57:24)
[GCC 4.9.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import MySQLdb
>>> ssl = {'cert': '/etc/mysql/ssl/client-cert.pem', 'key': '/etc/mysql/ssl/client-key.pem'}
>>> dbh = MySQLdb.connect(host='db',user='mysql_test',passwd='hello',ssl=ssl)
>>> dbc = dbh.cursor()
>>> dbc.execute("show status like 'ssl_cipher'");
1L
>>> print dbc.fetchone()
('Ssl_cipher', 'DHE-RSA-AES256-SHA')
Using PyPY with a tuple for ssl (suggested by several StackExchange posts and other sites) does not return an error, however the select shows that no encryption is being used and MySQL rejects the connection if REQUIRE SSL is used.
>>>> import MySQLdb
>>>> ssl = ({'ca': '/etc/mysql/ssl/ca-cert.pem', 'cert': '/etc/mysql/ssl/client-cert.pem', 'key': '/etc/mysql/ssl/client-key.pem'},)
>>>> dbh = MySQLdb.connect(host='db',user='mysql_test',passwd='hello',ssl=ssl)
>>>> dbc = dbh.cursor()
>>>> dbc.execute("show status like 'ssl_cipher'");
1L
>>>> print dbc.fetchone()
('Ssl_cipher', '')
after adding REQUIRE SSL:
MariaDB [mysql]> grant select on mysql.* to mysql_test require ssl;
Query OK, 0 rows affected (0.00 sec)
MariaDB [mysql]> flush privileges;
Query OK, 0 rows affected (0.01 sec)
Python 2.7.9 (295ee98b6928, May 31 2015, 07:29:04)
[PyPy 2.6.0 with GCC 4.8.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>>> import MySQLdb
>>>> ssl = ({'ca': '/etc/mysql/ssl/ca-cert.pem', 'cert': '/etc/mysql/ssl/client-cert.pem', 'key': '/etc/mysql/ssl/client-key.pem'},)
>>>> dbh = MySQLdb.connect(host='db',user='mysql_test',passwd='hello',ssl=ssl)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/local/pypy-2.6.0-linux64/site-packages/MySQLdb/__init__.py", line 81, in Connect
return Connection(*args, **kwargs)
File "/usr/local/pypy-2.6.0-linux64/site-packages/MySQLdb/connections.py", line 193, in __init__
super(Connection, self).__init__(*args, **kwargs2)
OperationalError: (1045, "Access denied for user 'mysql_test'@'[my ip]' (using password: YES)")
More information about the pypy-issue
mailing list