Opened 13 years ago
Last modified 12 years ago
#9949 closed enhancement
MySQL over SSL not implemented — at Initial Version
Reported by: | Owned by: | ||
---|---|---|---|
Priority: | high | Milestone: | 1.0 |
Component: | database backend | Version: | 0.12-stable |
Severity: | normal | Keywords: | mysql mysqldb ssl bitesized patch |
Cc: | Thijs Triemstra | Branch: | |
Release Notes: | |||
API Changes: | |||
Internal Changes: |
Description
I am not able to connect to a remote MySQL server with a user that requires SSL. When looking into db/mysql_backend.py I do not see a way to make any information about SSL show up in the MySQLdb.connect() call.
How to reproduce:
All of these were performed on December 27, 2010:
- Install Trac dependencies: yum install python-genshi python-setuptools MySQL-python swig mod_wsgi python-docutils python-pygments
- Install Trac: easy_install Trac==0.12
- Installed: /usr/lib/python2.7/site-packages/Trac-0.12-py2.7.egg
- Set up for wsgi over Apache
- Create a user in MySQL that has REQUIRE SSL set: GRANT ALL ON trac.* TO 'tracuser'@'tracserver-IP' IDENTIFIED BY 'password' REQUIRE SSL;
- Setup trac.ini to connect: database = mysql://tracuser:password@remotemysql:3306/trac
- Connect to https://myserver/trac
System Information
- uname -a: Linux admin 2.6.35.4-rscloud #8 SMP Mon Sep 20 15:54:33 UTC 2010 x86_64 x86_64 x86_64 GNU/Linux
- cat /etc/issue: Fedora release 14 (Laughlin)
- python —version: Python 2.7 (installed using yum)
- mysql —version: mysql Ver 14.12 Distrib 5.0.77, for redhat-linux-gnu (x86_64) using readline 5.1 (installed using yum on CentOS5)
- yum info MySQL-python: Arch: x86_64, Version: 1.2.3, Release: 0.5.c1.fc14 (installed using yum)
Backtrace
Note that the line numbers for mysql_backend.py don't seem to correspond to what is currently tip of the 0.12 branch. Perhaps there is something lacking in the easy_install script?
File "/usr/lib/python2.7/site-packages/Trac-0.12-py2.7.egg/trac/db/mysql_backend.py", line 85, in get_connection cnx = MySQLConnection(path, log, user, password, host, port, params) File "/usr/lib/python2.7/site-packages/Trac-0.12-py2.7.egg/trac/db/mysql_backend.py", line 225, in __init__ host=host, port=port, charset='utf8') File "/usr/lib64/python2.7/site-packages/MySQLdb/__init__.py", line 81, in Connect return Connection(*args, **kwargs) File "/usr/lib64/python2.7/site-packages/MySQLdb/connections.py", line 187, in __init__ super(Connection, self).__init__(*args, **kwargs2) OperationalError: (1045, "Access denied for user 'tracuser'@'remotemysql' (using password: YES)")
Workaround
In order to get this to work for me, I modified the two main files in Trac so that the SSL information can be passed in using trac.ini configuration. I realize that this is not a good final solution (e.g., it doesn't allow for only specifying CA cert).
- diff /usr/lib/python2.7/site-packages/Trac-0.12-py2.7.egg/trac/db/api.py.orig /usr/lib/python2.7/site-packages/Trac-0.12-py2.7.egg/trac/db/api.py
270a271 > ssl = None 277c278,283 < value = urllib.unquote(value) --- > if ';' in value : > # trac.ini: database = mysql://tracuser:password@remotemysql:3306/trac?ssl=ca_cert;client_cert;client_key > ca,cert,key = value.split(';',2) > value = {'ca':ca,'cert':cert,'key':key} > else: > value = urllib.unquote(value)
- diff /usr/lib/python2.7/site-packages/Trac-0.12-py2.7.egg/trac/db/mysql_backend.py.orig /usr/lib/python2.7/site-packages/Trac-0.12-py2.7.egg/trac/db/mysql_backend.py
224c224,228 < cnx = MySQLdb.connect(db=path, user=user, passwd=password, --- > if(params['ssl'] != None): > cnx = MySQLdb.connect(db=path, user=user, passwd=password, > host=host, port=port, charset='utf8', ssl=params['ssl']) > else: > cnx = MySQLdb.connect(db=path, user=user, passwd=password,