Menu
I'm trying to connect my database using SSL with PyMySQL, but I can't find good documentation on what the syntax is.
These credentials work in Workbench and with the CLI, but I get this error when using PyMySQL.
Can't connect to MySQL server on 'server.domain.com' ([WinError 10061] No connection could be made because the target machine actively refused it)")
db_conn = pymysql.connect(
host=db_creds['host'],
user=db_creds['user'],
passwd=db_creds['passwd'],
db=db_creds['db'],
charset=db_creds['charset'],
ssl={'ssl':{'ca': 'C:/SSL_CERTS/ca-cert.pem',
'key' : 'C:/SSL_CERTS/client-key.pem',
'cert' : 'C:/SSL_CERTS/client-cert.pem'
}
}
)
If I shut SSL off and drop the SSL parameter, I can connect unsecured just fine. What am I doing wrong with the SSL parameter?
Edit: PyMySQL now wants ssl parameters listed like this instead of in a dict.
db_conn = pymysql.connect(
host=db_creds['host'],
user=db_creds['user'],
passwd=db_creds['passwd'],
db=db_creds['db'],
charset=db_creds['charset'],
ssl_ca='C:/SSL_CERTS/ca-cert.pem',
ssl_key='C:/SSL_CERTS/client-key.pem',
ssl_cert='C:/SSL_CERTS/client-cert.pem'
)
277
Run the following query to check the SSL status in MySQL: SHOW GLOBAL VARIABLES LIKE '%ssl%'; STATUS; Note: You do not need to use capital letters. The example uses them to differentiate command syntax from what you're querying.
Connecting to server using MySQL Workbench over SSL Configure MySQL Workbench to connect securely over SSL. From the Setup New Connection dialogue, navigate to the SSL tab. Update the Use SSL field to "Require". In the SSL CA File: field, enter the file location of the BaltimoreCyberTrustRoot.
PyMySQL is an interface for connecting to a MySQL database server from Python. It implements the Python Database API v2. 0 and contains a pure-Python MySQL client library. The goal of PyMySQL is to be a drop-in replacement for MySQLdb.
MySQL supports encrypted connections between clients and the server using the TLS (Transport Layer Security) protocol. TLS is sometimes referred to as SSL (Secure Sockets Layer) but MySQL does not actually use the SSL protocol for encrypted connections because its encryption is weak (see Section 6.3.
I had the same problem connecting pyMysql using client-side cert and key for users that REQUIRE X509, the TiDB (mySQL 5.7 compatible) server complained that no cert was supplied!!!
[2021/05/18 16:31:23.881 +00:00] [INFO] [privileges.go:258] ["ssl check failure, require x509 but no verified cert"] [user=mindline_root] [host=%]
Looking through the sourcecode of PyMysql 1.0.2, it appears that the ssl parameter is now a boolean instead of a ssl_dict, so you should put all your ssl parameters into individual arguements, e.g.,
db_conn = pymysql.connect(
host=db_creds['host'],
user=db_creds['user'],
passwd=db_creds['passwd'],
db=db_creds['db'],
charset=db_creds['charset'],
ssl_ca='C:/SSL_CERTS/ca-cert.pem',
ssl_key='C:/SSL_CERTS/client-key.pem',
ssl_cert='C:/SSL_CERTS/client-cert.pem'
)
Thanks for the help everyone. The syntax listed in the question is right, but the server I was attempting a connection to was using a non-standard port. I needed to add
port = db_creds['port']
Thanks, MannyKary, for the clue.
29
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
