I'm trying to connect to a MySQL DB that requires SSL (only doing server authentication, not mutual). I have the server's CA saved as a .pem in the same directory I'm running the script from. My connection string looks like this:
ssl_settings = {'ca':'ca.pem'}
conn = MySQLdb.connect(host=HOST, user=USER, passwd=PASS, db=DB, ssl=ssl_settings}
This results in "Error 2026: SSL connection error". However, if I change ssl_settings to:
ssl_settings = {'key':'ca.pem'}
The database connects just fine and the script executes. From my understanding of the SSL parameters, 'cert' and 'key' should only be for client authentication to the server, so is there any reason the latter SSL settings seem to work and why specifying the CA file does not?
Python 2.4.3 (old, I know)
MySQL-python 1.2.1
Note: this bug has since been fixed. Per the bug:
Noted in 5.1.66, 5.5.28, 5.6.7, 5.7.0 changelogs.
The argument to the --ssl-key option was not verified to exist and be a valid key. The resulting connection used SSL, but the key was not used.
Old answer
For a much better description than I can give, see http://bugs.mysql.com/bug.php?id=62743 and http://www.chriscalender.com/?p=325.
From my (admittedly uneducated) understanding, it is a MySQL bug. As long as you specify only a key (as you're doing in the example that works), MySQL sets the SSL connection and you're granted access. The other interesting part is that you can change the key value to be anything at all, so in your example, you could do:
ssl_settings = {'key': 'randomstuff'}
and it should still connect.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With