I'm trying to connect to Google Cloud MYSQL server using SSL certificates and the python module PyMySQL with the following line:
connection = pymysql.connect(host=os.environ['SQL_HOST_IP'], user=os.environ['SQL_USER'], password = os.environ['SQL_PASSWORD'],
db='main', charset='utf8mb4', cursorclass=pymysql.cursors.DictCursor,
ssl={'key': 'client-key.pem', 'cert': 'client-cert.pem', 'ca': 'server-ca.pem'})
Unfortunately, I keep getting the following error:
ssl.CertificateError: hostname 'SQL_IP_ADDRESS' doesn't match '$ALIAS_FROM_SELF_SIGNED_SSL_CERT'
I've lookup up the issue, but can't find a fix that doesn't involve monkeypatching the ssl code to skip ssl verification. I explicitly list the IP address of the SQL Host but the ssl verification halts during ssl.match_hostname because the ssl certs are self-signed with a different host name.
I'm certain that my keys are valid, since I can connect with them using Ruby (Windows/Linux) and a linux mysql CLI. It seems to be an issue with ssl.match_hostname. It's similar to this question and this one but both sidestep the issue.
Is there a way to correctly handle self-signed SSL certs in Python.
Although the solution to your answer problem was denied as a merge request here: https://github.com/PyMySQL/PyMySQL/pull/555
You have the option to disable check_hostname. This works in version '0.7.11'
ssl_options = {
'key': 'client-key.pem',
'cert': 'client-cert.pem',
'ca': 'server-ca.pem',
'check_hostname': False
}
connection = pymysql.connect(
host=os.environ['SQL_HOST_IP'],
user=os.environ['SQL_USER'],
password = os.environ['SQL_PASSWORD'],
db='main',
charset='utf8mb4',
cursorclass=pymysql.cursors.DictCursor,
ssl=ssl_options
)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With