rails mysql2: how to verify mysql server's SSL certificate?

I'm trying to connect remotely to a mysql db over SSL, with the server's certificate verified to match the DNS domain used to connect to the server.

Using the command-line mysql tool, I can make such a connection using mysql --ssl-ca=/path/to/cacert.pem --ssl-verify-server-cert.

Using rails mysql2, I set sslca: ¹, which causes a not-fully-verified SSL connection like mysql --ssl-ca= does. How do I do the equivalent of --ssl-verify-server-cert so that the connection fails if the server cert's domain is wrong?

I've tried adding the following, which had no effect on this issue: flags: SSL_VERIFY_SERVER_CERT, flags: CLIENT_SSL_VERIFY_SERVER_CERT, flags: 1073741824, and secure_auth: true.

¹ either sslca: /path/to/cacert.pem in config/database.yml, or ?sslca=/path/to/cacert.pem in a mysql2:// URL

With mysql2 >= 0.4.0, you can set sslverify: true and sslca: path/to/cert_chain.pem in the adapter configuration to make the client verify the server's identity.

This is not one of the default connection flags in the Mysql2 gem, but the constant is available and can be bitwise OR-ed into the connection flags field before making a connection.

You can set the global default like this:

Mysql2::Client::default_query_options[:connect_flags] |=
    Mysql2::Client::SSL_VERIFY_SERVER_CERT

Or set the flags per connection:

client = Mysql2::Client.new(
    :connect_flags => (Mysql2::Client::default_query_options[:connect_flags]
                     | Mysql2::Client::SSL_VERIFY_SERVER_CERT)
    )

Hope that helps!
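The gap the question describes, as an added example that is not from either answer and is not code from mysql2 or the MySQL client library: a CA file alone proves only that the certificate chains to a trusted CA, while server-cert verification additionally requires that the certificate names the host the client dialed. It uses Ruby's own OpenSSL checks on a constructed throwaway CA and server certificate; the hostnames and the helper names (make_cert, chains_to_ca?, identity_matches?, verdicts) are assumptions.

```ruby
require "openssl"

# Build a certificate for the constructed sample PKI (self-signed when no issuer is given).
def make_cert(cn, key, serial, issuer_cert: nil, issuer_key: nil, ca: false, san: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.add_extension(ef.create_extension("subjectAltName", "DNS:#{san}")) if san
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
end

# Check 1: what trusting a CA file gives you. Any certificate issued by that CA passes.
def chains_to_ca?(cert, ca_cert)
  store = OpenSSL::X509::Store.new
  store.add_cert(ca_cert)
  store.verify(cert)
end

# Check 2: the identity step. The certificate must name the host the client connected to.
def identity_matches?(cert, hostname)
  OpenSSL::SSL.verify_certificate_identity(cert, hostname)
end

def verdicts(cert, ca_cert, hostname)
  { chain: chains_to_ca?(cert, ca_cert), identity: identity_matches?(cert, hostname) }
end

# Constructed sample data: throwaway CA and a server certificate for db.example.test.
ca_key = OpenSSL::PKey::RSA.new(2048)
CA_CERT = make_cert("Constructed Test CA", ca_key, 1, ca: true)
srv_key = OpenSSL::PKey::RSA.new(2048)
SERVER_CERT = make_cert("db.example.test", srv_key, 2, issuer_cert: CA_CERT,
                        issuer_key: ca_key, san: "db.example.test")

p verdicts(SERVER_CERT, CA_CERT, "db.example.test")    # dialed the name in the certificate
p verdicts(SERVER_CERT, CA_CERT, "other.example.test") # same CA, different host name
```

In the second case the chain check still passes, so a client that only trusts the CA would accept the connection; only the identity check rejects it.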
