Perl DBI:通过SSL的mysql连接失败
[英]Perl DBI:mysql connection over SSL fails
问题描述
Long time reader but this is my first question here. 
长期的读者,但这是我的第一个问题。
I have a MySQL server in a data center and processing servers in another place, therefore I need to encrypt connections from my Perl scripts to the database. 我在数据中心中有一个MySQL服务器,在另一个地方有处理服务器,因此我需要加密从我的Perl脚本到数据库的连接。 All the necessary settings were made on MySQL (creation of a new user, creation of ca, server and client keys) and MySQL connections over SSL work fine. 所有必需的设置都在MySQL上进行(创建新用户,创建ca,服务器和客户端密钥),并且通过SSL的MySQL连接可以正常工作。
root@server:# mysql -h _HOST_ --port 3306 -u _SSL_USER_ --ssl-cert=/etc/mysql/certs/client-cert.pem --ssl-key=/etc/mysql/certs/client-key.pem -p _DATABASE_
Enter password:
Welcome to the MySQL monitor.
Commands end with ; or \g.
Your MySQL connection id is 49694205
Server version: 5.0.96 Source distribution ...
So, I believe set up is good. 因此,我相信设置很好。 The problem is that I can't make my Perl script to connect to the database. 问题是我无法使Perl脚本连接到数据库。 The returned error is simply: 返回的错误很简单:
Access denied for user '_SSL_USER_'@' HOST ' (using password: YES) at temp.pl line 7. temp.pl第7行拒绝用户'_SSL_USER _'@' HOST '的访问(使用密码:是)。
To simplify, I've put only the following code in my script: 为了简化,我只在脚本中添加了以下代码:
#!/usr/bin/perl
use strict;
use DBI;
#DBI->trace(5);
my $dbh = DBI->connect(
"DBI:mysql:database=_DATABASE_;host=_HOST_;
mysql_ssl=1;
mysql_ssl_client_key=/etc/mysql/certs/client-key.pem;
mysql_ssl_client_cert=/etc/mysql/certs/client-cert.pem;
mysql_ssl_ca_file=/etc/mysql/certs/ca-cert.pem",
'_SSL_USER_',
'_SSL_USER_PWD_'
) || die DBI->errstr;
exit(0);
Perl version is v5.10.0 built for i486-linux-thread-multi. Perl版本是为i486-linux-thread-multi构建的v5.10.0。 The DBD::mysql module was compiled with the '-ssl' option. DBD :: mysql模块是使用'-ssl'选项编译的。
I can't figure it out or find ways to further debug. 我无法弄清楚或找不到进一步调试的方法。 Any help would be much appreciated. 任何帮助将非常感激。
Thank you! 谢谢!
1 个解决方案
解决方案1
1 2014-05-09 15:18:08
Are you using the latest version from all Perl modules? 您是否正在使用所有Perl模块的最新版本?
I have found this thread: http://forums.mysql.com/read.php?51,78084,78264#msg-78264 我发现了这个线程: http : //forums.mysql.com/read.php?51,78084,78264#msg-78264
Fixed it.
Maybe removing the username/password would help? 也许删除用户名/密码会有所帮助?
my $dbh = DBI->connect(
"DBI:mysql:database=_DATABASE_;host=_HOST_;
mysql_ssl=1;
mysql_ssl_client_key=/etc/mysql/certs/client-key.pem;
mysql_ssl_client_cert=/etc/mysql/certs/client-cert.pem;
mysql_ssl_ca_file=/etc/mysql/certs/ca-cert.pem",
'',
''
) || die DBI->errstr;
Can't say what the problem is for you, but I'm assuming you have included the username and password in the DBI->connect line and the other thing is that the cacert and client certs need to be on your remote computer (the one with the PERL script).
You could try to tracing the error: http://search.cpan.org/perldoc/DBI#TRACING 您可以尝试跟踪错误: http : //search.cpan.org/perldoc/DBI#TRACING
DBI_TRACE=8=/tmp/dbitrace.log
export DBI_TRACE
./your_program.pl
You could use shell variables to make sure you are doing the same in Perl and in shell: 您可以使用shell变量来确保您在Perl和shell中都执行相同的操作:
export DB_HOST="your host"
export DB_USER=""
export DB_PWD=""
export DB_DATABASE=""
mysql -h "$DB_HOST" --port 3306 -u "DB_USER" --ssl-cert=/etc/mysql/certs/client-cert.pem --ssl-key=/etc/mysql/certs/client-key.pem -p "$DB_DATABASE"
my $dbh = DBI->connect(
"DBI:mysql:database=$ENV{"DB_HOST"};host=$ENV{"DB_HOST"};
mysql_ssl=1;
mysql_ssl_client_key=/etc/mysql/certs/client-key.pem;
mysql_ssl_client_cert=/etc/mysql/certs/client-cert.pem;
mysql_ssl_ca_file=/etc/mysql/certs/ca-cert.pem",
'',
''
) || die DBI->errstr;
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.