Python MySQLdb的CA SSL参数不起作用，但是密钥起作用吗? [英] CA SSL parameter for Python MySQLdb not working, but key does?

问题描述

我正在尝试连接到需要SSL的MySQL数据库(仅进行服务器身份验证，而不是相互身份验证).我将服务器的CA保存为.pem，位于运行脚本的目录中.我的连接字符串如下所示:

I'm trying to connect to a MySQL DB that requires SSL (only doing server authentication, not mutual). I have the server's CA saved as a .pem in the same directory I'm running the script from. My connection string looks like this:

ssl_settings = {'ca':'ca.pem'}
conn = MySQLdb.connect(host=HOST, user=USER, passwd=PASS, db=DB, ssl=ssl_settings}

这将导致错误2026:SSL连接错误".但是，如果我将ssl_settings更改为:

This results in "Error 2026: SSL connection error". However, if I change ssl_settings to:

ssl_settings = {'key':'ca.pem'}

数据库连接正常，脚本执行.根据我对SSL参数的了解，"cert"和"key"仅应用于服务器的客户端身份验证，因此，后者的SSL设置似乎可以工作，为什么指定CA文件不起作用，这有什么原因吗?

The database connects just fine and the script executes. From my understanding of the SSL parameters, 'cert' and 'key' should only be for client authentication to the server, so is there any reason the latter SSL settings seem to work and why specifying the CA file does not?

Python 2.4.3(我知道是旧的)
MySQL-Python 1.2.1

Python 2.4.3 (old, I know)
MySQL-python 1.2.1

推荐答案

注意:此错误已得到修复.根据错误:

Note: this bug has since been fixed. Per the bug:

在5.1.66、5.5.28、5.6.7、5.7.0更改日志中注明.

Noted in 5.1.66, 5.5.28, 5.6.7, 5.7.0 changelogs.

--ssl-key选项的参数未验证是否存在且为 有效密钥.产生的连接使用SSL，但是密钥不是 使用.

The argument to the --ssl-key option was not verified to exist and be a valid key. The resulting connection used SSL, but the key was not used.

---

旧答案

要获得比我能提供的更好的描述，请参见 http://bugs.mysql .com/bug.php?id = 62743 和 http://www.chriscalender.com /?p = 325 .

For a much better description than I can give, see http://bugs.mysql.com/bug.php?id=62743 and http://www.chriscalender.com/?p=325.

从我(未经接受的教育)的理解来看，这是一个MySQL错误.只要您指定仅键(如在示例中所做的那样)，MySQL就会设置SSL连接，并授予您访问权限.另一个有趣的部分是您可以将键值更改为任何值，因此在您的示例中，您可以执行以下操作:

From my (admittedly uneducated) understanding, it is a MySQL bug. As long as you specify only a key (as you're doing in the example that works), MySQL sets the SSL connection and you're granted access. The other interesting part is that you can change the key value to be anything at all, so in your example, you could do:

ssl_settings = {'key': 'randomstuff'}

它仍然应该连接.

这篇关于Python MySQLdb的CA SSL参数不起作用，但是密钥起作用吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！