Azure Functions (Python) cannot connect to Azure MySQL instance with [SSL: WRONG_VERSION_NUMBER]

Question

I'm creating a simple Azure Function using Python. It just simply read from an Azure MySQL instance and write something back to the same instance. However, I cannot connect to the database successfully.

import logging
from datetime import datetime

import azure.functions as func
import mysql.connector
from mysql.connector import errorcode

def connect_to_db():
    logging.info(os.getcwd()) 
    try:
        db_conn = mysql.connector.connect(
            user="...", 
            password='...', 
            host="....mysql.database.azure.com", 
            port=3306, 
            database='...'
        )
        return db_conn
    except mysql.connector.Error as err:
        if err.errno == errorcode.ER_ACCESS_DENIED_ERROR:
            logging.error("Something is wrong with your user name or password")
        elif err.errno == errorcode.ER_BAD_DB_ERROR:
            logging.error("Database does not exist")
        else:
            logging.error(err)

    return None


def main(req: func.HttpRequest) -> func.HttpResponse:
    logging.info('Python HTTP trigger function processed a request.')

    db_conn = connect_to_db()
    if db_conn:
        logging.info('DB Connection is established {}'.format(db_conn))
    else:
        return func.HttpResponse(
             "Azure Functions cannot connect to MySQL database.",
             status_code=500
        )

    ....

The code works fine on my local machine when I use func host start , I did use the same Azure MySQL instance as well.

However, after I deployed the Azure Function, it doesn't not work and give me the error below:

2055: Lost connection to MySQL server at '....mysql.database.azure.com:3306', 
system error: 1 [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:852)

I also tried disable the "SSL enforced" in Azure portal, and enabled Allow access to Azure services , which are not helpful.

Any help and comments will be appreciated! Thanks!

Answer 1

I solved the issue by myself eventually.

Here are the steps:

1. Download the SSL certificate from Azure document repo. You can get it here: https://docs.microsoft.com/en-us/azure/mysql/howto-configure-ssl

2. Put the certificate file along with the Azure Function project. For me, I put it in the root folder of the project because I'll likely to have multiple functions in this project that will require this certificate

3. Then, acquire the certification file in the python code as below

   import pathlib def get_ssl_cert(): current_path = pathlib.Path(__file__).parent.parent return str(current_path / 'BaltimoreCyberTrustRoot.crt.pem')

4. So, I can use the SSL certificate when I connect to MySQL

   # Connect to MySQL cnx = mysql.connector.connect( user="ctao@azure-mysql-test", password='*******', host="azure-mysql-test.mysql.database.azure.com", port=3306, database='ciscoepcstats', ssl_ca=get_ssl_cert() )

PS Disable the SSL verification is not an option for me because of the security concerns. But luckily I found the solution.

Answer 2

Please modify your code as below:

db_conn = mysql.connector.connect(
            user="...", 
            password='...', 
            host="....mysql.database.azure.com", 
            port=3306, 
            database='...',
            ssl_disabled=True
        )

and change the status of "Enforce SSL connection" to "DISABLED" in your azure mysql on azure portal.