[pypy-issue] Issue #2128: PyPY breaks SSL connections in MySQLdb 1.2.25 (pypy/pypy)

Sat, 29 Aug 2015 12:31:48 -0700 

New issue 2128: PyPY breaks SSL connections in MySQLdb 1.2.25
https://bitbucket.org/pypy/pypy/issues/2128/pypy-breaks-ssl-connections-in-mysqldb

Adam McKenna:

With PyPy:

# pypy -m pip freeze|grep -i mysql
MySQL-python==1.2.5

Python 2.7.9 (295ee98b6928, May 31 2015, 07:29:04)
[PyPy 2.6.0 with GCC 4.8.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>>> import MySQLdb
>>>> ssl = {'cert': '/etc/mysql/ssl/client-cert.pem', 'key': 
>>>> '/etc/mysql/ssl/client-key.pem'}
>>>> dbh = MySQLdb.connect(host='db',user='mysql_test',passwd='hello',ssl=ssl)
SSL error: Unable to get certificate from ''
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/pypy-2.6.0-linux64/site-packages/MySQLdb/__init__.py", line 
81, in Connect
    return Connection(*args, **kwargs)
  File "/usr/local/pypy-2.6.0-linux64/site-packages/MySQLdb/connections.py", 
line 193, in __init__
    super(Connection, self).__init__(*args, **kwargs2)
OperationalError: (2026, 'SSL connection error: Unable to get certificate')


With regular python 2.7.9:

Python 2.7.9 (default, Mar  1 2015, 12:57:24) 
[GCC 4.9.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import MySQLdb
>>> ssl = {'cert': '/etc/mysql/ssl/client-cert.pem', 'key': 
>>> '/etc/mysql/ssl/client-key.pem'}
>>> dbh = MySQLdb.connect(host='db',user='mysql_test',passwd='hello',ssl=ssl)
>>> dbc = dbh.cursor()
>>> dbc.execute("show status like 'ssl_cipher'");
1L
>>> print dbc.fetchone()
('Ssl_cipher', 'DHE-RSA-AES256-SHA')

Using PyPY with a tuple for ssl (suggested by several StackExchange posts and 
other sites) does not return an error, however the select shows that no 
encryption is being used and MySQL rejects the connection if REQUIRE SSL is 
used.

>>>> import MySQLdb
>>>> ssl = ({'ca': '/etc/mysql/ssl/ca-cert.pem', 'cert': 
>>>> '/etc/mysql/ssl/client-cert.pem', 'key': '/etc/mysql/ssl/client-key.pem'},)
>>>> dbh = MySQLdb.connect(host='db',user='mysql_test',passwd='hello',ssl=ssl)
>>>> dbc = dbh.cursor()
>>>> dbc.execute("show status like 'ssl_cipher'");
1L
>>>> print dbc.fetchone()
('Ssl_cipher', '')

after adding REQUIRE SSL:

MariaDB [mysql]> grant select on mysql.* to mysql_test require ssl;
Query OK, 0 rows affected (0.00 sec)
MariaDB [mysql]> flush privileges;
Query OK, 0 rows affected (0.01 sec)

Python 2.7.9 (295ee98b6928, May 31 2015, 07:29:04)
[PyPy 2.6.0 with GCC 4.8.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>>> import MySQLdb
>>>> ssl = ({'ca': '/etc/mysql/ssl/ca-cert.pem', 'cert': 
>>>> '/etc/mysql/ssl/client-cert.pem', 'key': '/etc/mysql/ssl/client-key.pem'},)
>>>> dbh = MySQLdb.connect(host='db',user='mysql_test',passwd='hello',ssl=ssl)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/pypy-2.6.0-linux64/site-packages/MySQLdb/__init__.py", line 
81, in Connect
    return Connection(*args, **kwargs)
  File "/usr/local/pypy-2.6.0-linux64/site-packages/MySQLdb/connections.py", 
line 193, in __init__
    super(Connection, self).__init__(*args, **kwargs2)
OperationalError: (1045, "Access denied for user 'mysql_test'@'[my ip]' (using 
password: YES)")


_______________________________________________
pypy-issue mailing list
pypy-issue@python.org
https://mail.python.org/mailman/listinfo/pypy-issue

Reply via email to