I'm trying to connect Django to a MySQL database which is accessible through an SSL connection. How do I configure this?
My first guess would be setting the 'OPTIONS' property of the database definition. However, I can't find info on what possible options to use. The option 'ssl': '/map/to/ca-cert.pem' does not work.
The following command seems to work:
mysql -h url.to.host -u lizard -p --ssl-ca=./ca-cert.pem
Edit: Ok I'm looking at the python-mysqldb documentation... maybe I can find the answer there.
Django uses the Python MySQLdb library to interface with MySQL. Looking at the MySQLdb connection documentation, it looks like the ssl option requires a dictionary argument. So this might work:
'OPTIONS': {'ssl': {'key': '/map/to/ca-cert.pem'}}
The MySQL client must be provided with three keys:
CA cert
client cert
client key
See the MySQL documentation for instructions on creating these keys and setting up the server: http://dev.mysql.com/doc/refman/5.5/en/creating-ssl-certs.html
NOTE: There is an open issue that seems to be related to using openssl v1.0.1 to create the certificates for mysql 5.5.x (http://bugs.mysql.com/bug.php?id=64870)
This is an example entry for the Django settings file:
    DATABASES = {
        'default': {
            'ENGINE': 'django.db.backends.mysql',
            'NAME': '<DATABASE NAME>',
            'USER': '<USER NAME>',
            'PASSWORD': '<PASSWORD>',
            'HOST': '<HOST>',
            'PORT': '3306',
            # OPTIONS is handed to the database driver's connect() call
            'OPTIONS': {
                'ssl': {
                    'ca': '<PATH TO CA CERT>',
                    'cert': '<PATH TO CLIENT CERT>',
                    'key': '<PATH TO CLIENT KEY>'
                }
            }
        }
    }
I was getting an "SSL connection error: SSL_CTX_set_default_verify_paths failed" error when running python manage.py migrate.
I used pip to install the django-mysql-ssl package. It still wasn't working. I had to change "ca" to "ssl-ca" and now it works.
    'OPTIONS': {
        'ssl': {
            'ssl-ca': '<PATH TO CA CERT>',
        }
    }
I'm not sure if it is actually using encryption, but it no longer throws an error. I am running a local Django app connected to an AWS MariaDB instance.
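
The last answer leaves open whether the session is really encrypted. The following is an added example, not code from any of the posts above: it asks the server for the session's Ssl_cipher status variable (empty on an unencrypted connection) and flags 'ssl' keys that MySQL's mysql_ssl_set() call has no parameter for. It assumes the MySQLdb driver; the helper names and the FakeCursor stand-in are hypothetical and the sample values are constructed.

```python
# Added example: helper names are hypothetical, sample data is constructed.

# Parameters of the C API call mysql_ssl_set(), which MySQLdb's 'ssl' mapping feeds.
MYSQL_SSL_SET_KEYS = {"key", "cert", "ca", "capath", "cipher"}


def unknown_ssl_keys(databases):
    """Return {alias: [keys]} for 'ssl' entries mysql_ssl_set() has no parameter for."""
    findings = {}
    for alias, conf in databases.items():
        ssl_opts = conf.get("OPTIONS", {}).get("ssl")
        if ssl_opts is None:
            continue
        if not isinstance(ssl_opts, dict):
            # e.g. 'ssl': '/map/to/ca-cert.pem' from the question
            findings[alias] = ["<ssl is not a dict>"]
            continue
        extra = sorted(set(ssl_opts) - MYSQL_SSL_SET_KEYS)
        if extra:
            findings[alias] = extra
    return findings


def session_cipher(cursor):
    """Return the TLS cipher of the current session, or None if it is unencrypted."""
    cursor.execute("SHOW SESSION STATUS LIKE 'Ssl_cipher'")
    row = cursor.fetchone()  # ('Ssl_cipher', '<cipher name, or empty string>')
    return (row[1] or None) if row else None


class FakeCursor:
    """Constructed stand-in for a DB-API cursor so the example runs offline."""

    def __init__(self, cipher):
        self._row = ("Ssl_cipher", cipher)

    def execute(self, sql):
        self.sql = sql

    def fetchone(self):
        return self._row


if __name__ == "__main__":
    settings = {"default": {"OPTIONS": {"ssl": {"ssl-ca": "/path/ca.pem"}}}}
    print(unknown_ssl_keys(settings))                     # key to double-check
    print(session_cipher(FakeCursor("")))                 # unencrypted session
    print(session_cipher(FakeCursor("ECDHE-RSA-AES256-GCM-SHA384")))
```

In a Django project, pass a real cursor instead of FakeCursor, for example the one returned by django.db.connection.cursor(), and treat a None result as a plaintext connection.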