Python MySQLDB SSL Connection

Question

I set my database to require ssl. I've confirmed I can connect to the db via command line by passing the public key [and have confirmed I can't connect if I do not pass public key]

I get the same error in my django app as when I do not pass a key. It seems I've not setup my settings.py correctly to pass the path to the public key.

What's wrong with my settings? I'm using python-mysqldb.

DATABASES['default'] = {
    'ENGINE': 'django.db.backends.mysql',
    'HOST': 'my-host-goes-here',
    'USER': 'my-user-goes-here',
    'NAME': 'my-db-name-goes-here',
    'PASSWORD': 'my-db-pass-goes-here',
    'OPTIONS': {
        'SSL': '/path/to/cert.pem',
    }
}

Answer 1

Found the answer. OPTIONS should look like this:

'OPTIONS': {'ssl': {'ca':'/path/to/cert.pem',},},

Make sure you keep the commas, parsing seemed to fail otherwise?

Answer 2

The mysql client must be provided with three keys:

CA cert client cert client key

See the Mysql documentation for the instructions for creating these keys and setting up the server: http://dev.mysql.com/doc/refman/5.5/en/creating-ssl-certs.html

NOTE: There is an open issue that seems to be related to using openssl v1.0.1 to create the certificates for mysql 5.5.x (http://bugs.mysql.com/bug.php?id=64870)

This is an example entry for the Django settings file:

DATABASES = {
'default': {
              'ENGINE': 'django.db.backends.mysql',  
              'NAME': '<DATABASE NAME>',                     
              'USER': '<USER NAME>',
              'PASSWORD': '<PASSWORD>',
              'HOST': '<HOST>', 
              'PORT': '3306'    
              'OPTIONS':  {
                        'ssl': {'ca': '<PATH TO CA CERT>',
                                'cert': '<PATH TO CLIENT CERT>',
                                'key': '<PATH TO CLIENT KEY>'
                                }
                          }
            }
}