python - peewee mysql SSL: CERTIFICATE_VERIFY_FAILED
With Python 3.4.3, pymysql 0.6.7 and 0.7.1, and MySQL 5.5.23 and 5.5.4x, I can't connect to MySQL with the ssl option. MySQL Workbench and mysql-client work fine over a secure connection. I have tested on 2 MySQL servers, on Debian and Windows.
Here is the code, with explanations.
Make certs:
```
# CA key and self-signed CA certificate
openssl genrsa 2048 > ca-key.pem
openssl req -sha1 -new -x509 -nodes -days 3650 -key ca-key.pem > ca-cert.pem
# Server key, request, and certificate signed by the CA
openssl req -sha1 -newkey rsa:2048 -days 730 -nodes -keyout server-key.pem > server-req.pem
openssl x509 -sha1 -req -in server-req.pem -days 730 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem
openssl rsa -in server-key.pem -out server-key.pem
# Client key, request, and certificate signed by the CA
openssl req -sha1 -newkey rsa:2048 -days 730 -nodes -keyout client-key.pem > client-req.pem
openssl x509 -sha1 -req -in client-req.pem -days 730 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem
openssl rsa -in client-key.pem -out client-key.pem
```
Create the user:
```
CREATE DATABASE dbname;
-- REQUIRE SSL: this account may only connect over an encrypted connection
GRANT ALL PRIVILEGES ON dbname.* TO 'u1'@'%' IDENTIFIED BY '12345' REQUIRE SSL;
FLUSH PRIVILEGES;
```
Code:
```
from __future__ import print_function

import pymysql

#conn = pymysql.connect(host='localhost', port=3306, user='root', passwd='', db='mysql')
conn = pymysql.connect(host='localhost', port=3306, user='u1', passwd='12345', db='dbname',
                       ssl = {'key': 'ssl/client-key.pem', 'cert': 'ssl/client-cert.pem', 'ca': 'ssl/ca-cert.pem'})

cur = conn.cursor()

#cur.execute("select host,user from user")
cur.execute("show tables")

print(cur.description)
print()

# Print every row returned by the query
for row in cur:
    print(row)

cur.close()
conn.close()
```
Error:
```
Traceback (most recent call last):
  File "c:\python34\lib\site-packages\pymysql\connections.py", line 851, in connect
    self._request_authentication()
  File "c:\python34\lib\site-packages\pymysql\connections.py", line 1017, in _request_authentication
    ca_certs=self.ca)
  File "c:\python34\lib\ssl.py", line 890, in wrap_socket
    ciphers=ciphers)
  File "c:\python34\lib\ssl.py", line 580, in __init__
    self.do_handshake()
  File "c:\python34\lib\ssl.py", line 807, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "c:/users/user/py/prjct/test.py", line 24, in <module>
    conn = pymysql.connect(host='localhost', port=3306, user='u1', passwd='12345', db='dbname', ssl = {'key': 'ssl/client-key.pem', 'cert': 'ssl/client-cert.pem', 'ca': 'ssl/ca-cert.pem'})
  File "c:\python34\lib\site-packages\pymysql\__init__.py", line 88, in connect
    return Connection(*args, **kwargs)
  File "c:\python34\lib\site-packages\pymysql\connections.py", line 657, in __init__
    self.connect()
  File "c:\python34\lib\site-packages\pymysql\connections.py", line 882, in connect
    raise exc
pymysql.err.OperationalError: (2003, "Can't connect to MySQL server on 'localhost' ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600))")
```
Update: I missed part of the instructions:
```
Whatever method you use to generate the certificate and key files, the Common Name value used for the server and client certificates/keys must each differ from the Common Name value used for the CA certificate. Otherwise, the certificate and key files will not work for servers compiled using OpenSSL.
```
When OpenSSL prompts you for the Common Name for each certificate, use different names.
But that helps and raises new errors: first, the DH key is not long enough, so I updated the test MySQL server to the latest 5.7.11. That helps and raises a new error: the common name does not match localhost,
so I have regenerated the certificates with the new common name localhost.
And it shows me the error again: ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600))
Try:
```
conn = pymysql.connect(host='localhost', port=3306, user='u1', passwd='12345', db='dbname', ssl={'ssl': {'key': 'ssl/client-key.pem', 'cert': 'ssl/client-cert.pem', 'ca': 'ssl/ca-cert.pem'}})
```
I had the same problem, and this works for me.
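Added example, not part of the original question or answer: a stand-alone check of the two conditions the update runs into (the server certificate must chain to the CA file, and its Common Name must match the host name the client connects to), done with Python's own ssl module over an in-memory handshake so no MySQL server is involved. The function names, the test Common Names and the use of the openssl command-line tool to build throwaway certificates are assumptions of this example.

```python
import os, ssl, subprocess, tempfile

def make_certs(d, ca_cn, server_cn):
    """Constructed test data: a CA and a server certificate it signs (default digest, not SHA-1)."""
    p = lambda name: os.path.join(d, name)
    def openssl(*args):
        subprocess.run(("openssl",) + args, check=True, capture_output=True)
    openssl("req", "-new", "-x509", "-nodes", "-newkey", "rsa:2048", "-days", "30",
            "-subj", "/CN=" + ca_cn, "-keyout", p("ca-key.pem"), "-out", p("ca-cert.pem"))
    openssl("req", "-new", "-nodes", "-newkey", "rsa:2048", "-subj", "/CN=" + server_cn,
            "-keyout", p("server-key.pem"), "-out", p("server-req.pem"))
    openssl("x509", "-req", "-in", p("server-req.pem"), "-days", "30", "-set_serial", "01",
            "-CA", p("ca-cert.pem"), "-CAkey", p("ca-key.pem"), "-out", p("server-cert.pem"))
    return p("ca-cert.pem"), p("server-cert.pem"), p("server-key.pem")

def verify_server(ca, cert, key, hostname):
    """Return None if a client trusting `ca` accepts `cert` for `hostname`, else the error text."""
    srv_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    srv_ctx.load_cert_chain(cert, key)
    cli_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED and check_hostname are on
    cli_ctx.load_verify_locations(cafile=ca)
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    client = cli_ctx.wrap_bio(c_in, c_out, server_hostname=hostname)
    server = srv_ctx.wrap_bio(s_in, s_out, server_side=True)
    pending = [client, server]
    for _ in range(20):  # a handshake needs only a few round trips
        for side in list(pending):
            try:
                side.do_handshake()
                pending.remove(side)
            except ssl.SSLWantReadError:
                pass  # waiting for bytes from the peer
            except ssl.SSLError as exc:  # SSLCertVerificationError is a subclass
                return str(exc)
        for src, dst in ((c_out, s_in), (s_out, c_in)):  # move bytes between the two ends
            data = src.read()
            if data:
                dst.write(data)
        if not pending:
            return None
    return "handshake did not complete"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        ca, cert, key = make_certs(d, "Example Test CA", "localhost")
        for name in ("localhost", "db.example.test"):
            print(name, "->", verify_server(ca, cert, key, name) or "verified")
```

To check real files, call `verify_server` with the CA certificate, server certificate and server key generated above and the host name passed to `pymysql.connect`; the returned text is the same verification error the client would raise.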