Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mariadb: disable SSL and server cert verification by default #731

Merged
merged 6 commits into from
Nov 12, 2024
Merged

mariadb: disable SSL and server cert verification by default #731

merged 6 commits into from
Nov 12, 2024

Conversation

methane
Copy link
Member

@methane methane commented Oct 23, 2024

No description provided.

@codecov Codecov
Copy link

codecov bot commented Oct 23, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 88.86%. Comparing base (e2a908b) to head (dd37267).
Report is 19 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #731   +/-   ##
=======================================
  Coverage   88.86%   88.86%           
=======================================
  Files           7        7           
  Lines         548      548           
=======================================
  Hits          487      487           
  Misses         61       61

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@methane
fixup
611adf1
@methane
ssl_mode="REQUIRED" disables verification of the server certificate b…
9028b45 
…y default.

mariadb connector/c changed the default value of MYSQL_OPT_SSL_VERIFY_SERVER_CERT to 1.
this change makes it can be disabled by ssl_mode="DISABLED", "PREFERRED", and "REQUIRED".
@mgkid3310
Copy link

Suffering from same issue here, I was using MySQL with id/pw instead of ssl and worked fine until a few days ago the client in a newly installed python environment returned:

sqlalchemy.exc.OperationalError: (MySQLdb.OperationalError) (2026, 'TLS/SSL error: Certificate verification failure: The certificate is NOT trusted.')
(Background on this error at: https://sqlalche.me/e/20/e3q8)

Uninstalling mysqlclient, clearing cache and installing mysqlclient==2.2.4 solved the issue for me (with that MySQLdb.get_client_info() returns 3.3.8).

I tried disabling SSL auth in various methods but I had no luck on mysqlclient==2.2.5. Considering existing users using id/pw might face this issue, disabling ssl auth on default as mysqlclient up to 2.2.4 did might be a better option.

@methane methane merged commit 89511ee into PyMySQL:main Nov 12, 2024
13 of 14 checks passed
@methane methane deleted the mariadb-disable-default-verify branch November 12, 2024 10:06
@methane methane changed the title windows: use DEFAULT_SSL_VERIFY_SERVER_CERT=0 option mariadb: disable SSL and server cert verification by default Nov 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@methane @mgkid3310