
SSL Certification Error > hostname doesn't match

I'm trying to connect to Google Cloud MYSQL server using SSL certificates and the python module PyMySQL with the following line:

import os
import pymysql

connection = pymysql.connect(host=os.environ['SQL_HOST_IP'], user=os.environ['SQL_USER'], password=os.environ['SQL_PASSWORD'],
    db='main', charset='utf8mb4', cursorclass=pymysql.cursors.DictCursor,
    ssl={'key': 'client-key.pem', 'cert': 'client-cert.pem', 'ca': 'server-ca.pem'})

Unfortunately, I keep getting the following error:

ssl.CertificateError: hostname 'SQL_IP_ADDRESS' doesn't match '$ALIAS_FROM_SELF_SIGNED_SSL_CERT'

I've looked up the issue, but can't find a fix that doesn't involve monkeypatching the ssl code to skip SSL verification. I explicitly list the IP address of the SQL host, but the SSL verification halts during ssl.match_hostname because the SSL certs are self-signed with a different host name.

I'm certain that my keys are valid, since I can connect with them using Ruby (Windows/Linux) and a linux mysql CLI. It seems to be an issue with ssl.match_hostname. It's similar to this question and this one but both sidestep the issue.

Is there a way to correctly handle self-signed SSL certs in Python?

proximate_cause asked Mar 04 '17 12:03


1 Answer

Although the solution to your problem was denied as a merge request (https://github.com/PyMySQL/PyMySQL/pull/555), you have the option to disable check_hostname. This works in version '0.7.11':

import os
import pymysql

ssl_options = {
    'key': 'client-key.pem',
    'cert': 'client-cert.pem',
    'ca': 'server-ca.pem',
    # Skip the hostname comparison that raises ssl.CertificateError
    'check_hostname': False
}

connection = pymysql.connect(
    host=os.environ['SQL_HOST_IP'],
    user=os.environ['SQL_USER'],
    password=os.environ['SQL_PASSWORD'],
    db='main',
    charset='utf8mb4',
    cursorclass=pymysql.cursors.DictCursor,
    ssl=ssl_options
)
closedloop answered Sep 30 '22 21:09
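
What `'check_hostname': False` leaves on and what it turns off, shown with the standard `ssl` module as an added example (not code from the question, the answer or PyMySQL). It assumes the dict options correspond to the matching `ssl.SSLContext` settings; the function names are hypothetical, and the system trust store stands in for `server-ca.pem` so the block runs without the page's files.

```python
import ssl


def hostname_unchecked_context(cafile=None, certfile=None, keyfile=None):
    """Context that still verifies the chain but skips the hostname match."""
    # cafile=None falls back to the system trust store (assumption made so the
    # example runs offline); in the page's setup this would be 'server-ca.pem'.
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False  # certificate name is not compared to the host
    # verify_mode is left at CERT_REQUIRED: the server certificate must still
    # chain to a CA in cafile, so an unrelated certificate is rejected.
    if certfile:
        ctx.load_cert_chain(certfile, keyfile=keyfile)  # client cert and key
    return ctx


def unverified_context():
    """For comparison: verification switched off entirely."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # must be cleared before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE  # any certificate at all is accepted
    return ctx


def audit(ctx):
    """Report which server-identity checks a context has disabled."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("chain-not-verified")
    if not ctx.check_hostname:
        findings.append("hostname-not-verified")
    return findings


if __name__ == "__main__":
    for name, ctx in [("default", ssl.create_default_context()),
                      ("hostname unchecked", hostname_unchecked_context()),
                      ("unverified", unverified_context())]:
        print(name, audit(ctx))
```

With the hostname check off, any certificate issued by the CA in `cafile` is accepted whatever name it carries, so the CA file should be one that signs only the intended server.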