[英]peewee mysql SSL: CERTIFICATE_VERIFY_FAILED
python 3.4.3, pymysql 0.6.7 and 0.7.1, mysql 5.5.23 and 5.5.4x Can't connect to mysql with ssl option. python 3.4.3,pymysql 0.6.7和0.7.1,mysql 5.5.23和5.5.4x无法通过ssl选项连接到mysql。 With mysql workbench and with mysql-client secure connection works fine. 使用mysql workbench和mysql-client,安全连接可以正常工作。 I have tested it on two mysql servers on debian and windows 我已经在debian和Windows的两个mysql服务器上对其进行了测试
Here is code and explanations 这是代码和解释
make certs 制作证书
openssl genrsa 2048 > ca-key.pem; \
openssl req -sha1 -new -x509 -nodes -days 3650 -key ca-key.pem > ca-cert.pem; \
openssl req -sha1 -newkey rsa:2048 -days 730 -nodes -keyout server-key.pem > server-req.pem; \
openssl x509 -sha1 -req -in server-req.pem -days 730 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem; \
openssl rsa -in server-key.pem -out server-key.pem; \
openssl req -sha1 -newkey rsa:2048 -days 730 -nodes -keyout client-key.pem > client-req.pem; \
openssl x509 -sha1 -req -in client-req.pem -days 730 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem; \
openssl rsa -in client-key.pem -out client-key.pem;
user create 用户创建
CREATE DATABASE dbname;
GRANT ALL PRIVILEGES ON dbname.* TO 'u1'@'%' IDENTIFIED BY '12345' REQUIRE SSL;
FLUSH PRIVILEGES;
code 码
from __future__ import print_function
import pymysql
#conn = pymysql.connect(host='localhost', port=3306, user='root', passwd='', db='mysql')
conn = pymysql.connect(host='localhost', port=3306, user='u1', passwd='12345', db='dbname', ssl = {'key': 'ssl/client-key.pem', 'cert': 'ssl/client-cert.pem', 'ca': 'ssl/ca-cert.pem'})
cur = conn.cursor()
#cur.execute("SELECT Host,User FROM user")
cur.execute("SHOW TABLES")
print(cur.description)
print()
for row in cur:
print(row)
cur.close()
conn.close()
error 错误
Traceback (most recent call last):
File "C:\Python34\lib\site-packages\pymysql\connections.py", line 851, in connect
self._request_authentication()
File "C:\Python34\lib\site-packages\pymysql\connections.py", line 1017, in _request_authentication
ca_certs=self.ca)
File "C:\Python34\lib\ssl.py", line 890, in wrap_socket
ciphers=ciphers)
File "C:\Python34\lib\ssl.py", line 580, in __init__
self.do_handshake()
File "C:\Python34\lib\ssl.py", line 807, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "C:/Users/User/Py/prjct/test.py", line 24, in <module>
conn = pymysql.connect(host='localhost', port=3306, user='u1', passwd='12345', db='dbname', ssl = {'key': 'ssl/client-key.pem', 'cert': 'ssl/client-cert.pem', 'ca': 'ssl/ca-cert.pem'})
File "C:\Python34\lib\site-packages\pymysql\__init__.py", line 88, in Connect
return Connection(*args, **kwargs)
File "C:\Python34\lib\site-packages\pymysql\connections.py", line 657, in __init__
self.connect()
File "C:\Python34\lib\site-packages\pymysql\connections.py", line 882, in connect
raise exc
pymysql.err.OperationalError: (2003, "Can't connect to MySQL server on 'localhost' ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600))")
UPDATE: I'm missed this part of the instructions: 更新:我错过了说明的这一部分:
```
Whatever method you use to generate the certificate and key files, the Common Name value used for the server and client certificates/keys must each differ from the Common Name value used for the CA certificate. Otherwise, the certificate and key files will not work for servers compiled using OpenSSL.
```
When OpenSSL prompts you for the Common Name for each certificate, use different names. 当OpenSSL提示您输入每个证书的通用名称时,请使用不同的名称。
BUT then It helps and raise new errors: first - dhkey not enought leght, and i'm update test mysql server to last 5.7.11 it helps and raise new error that common name not match localhost
and i have regenerate certificates with new common name localhost
但是然后它会帮助并引发新的错误:首先-dhkey不足,我将测试mysql服务器更新到最后5.7.11,它会帮助并引发新的错误,即公用名与localhost
不匹配,并且我已使用新的公用名重新生成了证书localhost
AND it shows me again error - ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)) 并且它再次显示我错误-([SSL:CERTIFICATE_VERIFY_FAILED]证书验证失败(_ssl.c:600))
try: 尝试:
conn = pymysql.connect(host='localhost', port=3306, user='u1', passwd='12345', db='dbname', ssl={'ssl': {'key': 'ssl/client-key.pem', 'cert': 'ssl/client-cert.pem', 'ca': 'ssl/ca-cert.pem'}}) conn = pymysql.connect(host ='localhost',port = 3306,user ='u1',passwd ='12345',db ='dbname',ssl = {'ssl':{'key':'ssl / client -key.pem”,“ cert”:“ ssl / client-cert.pem”,“ ca”:“ ssl / ca-cert.pem”}})
Have the same problem and it works for me. 有同样的问题,它对我有用。
This may not directly answer your question but I believe there is some version conflict issue related issue with using mysql-python. 这可能无法直接回答您的问题,但是我相信使用mysql-python存在一些与版本冲突问题相关的问题。 I managed to connect via peewee (using ssl) using the following Anaconda/Pip versions: 我使用以下Anaconda / Pip版本设法通过peewee(使用ssl)进行连接:
python 2.7.15 h9bab390_6
pymysql 0.9.3 py27_0
mysql-connector-c 6.1.11 h597af5e_0
mysql-connector-python 8.0.12 py27haf6c83e_0
peewee 3.8.2 pypi_0 pypi
For completeness I connect to a Google Cloud Instance using SSL via: 为了完整起见,我通过以下方式使用SSL连接到Google Cloud实例:
import pewee as pw
from os.path import expanduser
home = expanduser("~")
perms = {'key': home+'/ssl/client-key.pem',
'cert': home+'/ssl/client-cert.pem',
'ca': home+'/ssl/server-ca.pem',
'check_hostname': False}
mysql_db = pw.MySQLDatabase(database=os.environ['GCP_DBNAME'],
host=os.environ['GCP_HOST'],
user=os.environ['GCP_USER'],
passwd=os.environ['GCP_PASS'],
ssl=perms)
Hope this helps anyone else that had the same error. 希望这对其他有相同错误的人有所帮助。 The updated versions also seem to work with Python 3.5. 更新的版本似乎也可以在Python 3.5中使用。 I'm on Ubuntu 16.04. 我在Ubuntu 16.04上。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.