#323 SSL connections not working with MySQL 5.5 client library

MySQLdb-1.2
closed
Andy Dustman
MySQLdb (285)
5
2012-09-19
2012-06-15
Anonymous
No

On the server side I have:
mysql51-server-5.1.61-1.52.amzn1.x86_64 configured for SSL operations.

On one client I have mysql-5.1.61-4.el6.x86_64 and MySQL-python==1.2.3 and SSL connection from a Django app works fine.

On another client I have mysql-5.5-1.3.amzn1.noarch and MySQL-python==1.2.3 and I get:

    Traceback (most recent call last):
      File "./manage.py", line 9, in <module>
        execute_from_command_line(sys.argv)
      File "/home/celeryd/.virtualenvs/monupco/lib/python2.6/site-packages/django/core/management/__init__.py", line 443, in execute_from_command_line
        utility.execute()
      File "/home/celeryd/.virtualenvs/monupco/lib/python2.6/site-packages/django/core/management/__init__.py", line 382, in execute
        self.fetch_command(subcommand).run_from_argv(self.argv)
      File "/home/celeryd/.virtualenvs/monupco/lib/python2.6/site-packages/djcelery/management/base.py", line 74, in run_from_argv
        return super(CeleryCommand, self).run_from_argv(argv)
      File "/home/celeryd/.virtualenvs/monupco/lib/python2.6/site-packages/django/core/management/base.py", line 196, in run_from_argv
        self.execute(*args, **options.__dict__)
      File "/home/celeryd/.virtualenvs/monupco/lib/python2.6/site-packages/djcelery/management/base.py", line 67, in execute
        super(CeleryCommand, self).execute(*args, **options)
      File "/home/celeryd/.virtualenvs/monupco/lib/python2.6/site-packages/django/core/management/base.py", line 231, in execute
        self.validate()
      File "/home/celeryd/.virtualenvs/monupco/lib/python2.6/site-packages/django/core/management/base.py", line 266, in validate
        num_errors = get_validation_errors(s, app)
      File "/home/celeryd/.virtualenvs/monupco/lib/python2.6/site-packages/django/core/management/validation.py", line 103, in get_validation_errors
        connection.validation.validate_field(e, opts, f)
      File "/home/celeryd/.virtualenvs/monupco/lib/python2.6/site-packages/django/db/backends/mysql/validation.py", line 14, in validate_field
        db_version = self.connection.get_server_version()
      File "/home/celeryd/.virtualenvs/monupco/lib/python2.6/site-packages/django/db/backends/mysql/base.py", line 411, in get_server_version
        self.cursor()
      File "/home/celeryd/.virtualenvs/monupco/lib/python2.6/site-packages/django/db/backends/__init__.py", line 308, in cursor
        cursor = util.CursorWrapper(self._cursor(), self)
      File "/home/celeryd/.virtualenvs/monupco/lib/python2.6/site-packages/django/db/backends/mysql/base.py", line 387, in _cursor
        self.connection = Database.connect(**kwargs)
      File "/home/celeryd/.virtualenvs/monupco/lib/python2.6/site-packages/MySQLdb/__init__.py", line 81, in Connect
        return Connection(*args, **kwargs)
      File "/home/celeryd/.virtualenvs/monupco/lib/python2.6/site-packages/MySQLdb/connections.py", line 187, in __init__
        super(Connection, self).__init__(*args, **kwargs2)
    _mysql_exceptions.NotSupportedError: client library does not have SSL support

http://code.google.com/p/pyrit/issues/detail?id=309#c4 provided me with a hint for the issue.

Discussion

1 2 > >> (Page 1 of 2)
  • Andy Dustman
    2012-06-18

    Paste the results of "mysql-config" when run in your build environment. It will look something like this:

        --cflags         [-I/opt/local/include/mysql5/mysql  -pipe -fPIC    -D_P1003_1B_VISIBLE -DSIGNAL_WITH_VIO_CLOSE -DSIGNALS_DONT_BREAK_READ -DIGNORE_SIGHUP_SIGQUIT  -DDONT_DECLARE_CXA_PURE_VIRTUAL]
        --include        [-I/opt/local/include/mysql5/mysql]
        --libs           [-L/opt/local/lib   -L/opt/local/lib/mysql5/mysql -lmysqlclient -L/opt/local/lib -lz -lm  -L/opt/local/lib/ -lssl -lcrypto]
        --libs_r         [-L/opt/local/lib   -L/opt/local/lib/mysql5/mysql -lmysqlclient_r -L/opt/local/lib -lz -lm   -L/opt/local/lib/ -lssl -lcrypto]
        --plugindir      [/opt/local/lib/mysql5/mysql/plugin]
        --socket         [/opt/local/var/run/mysql5/mysqld.sock]
        --port           [0]
        --version        [5.1.59]
        --libmysqld-libs [-L/opt/local/lib   -L/opt/local/lib/mysql5/mysql -lmysqld -ldl  -L/opt/local/lib -lz -lm     -L/opt/local/lib/ -lssl -lcrypto]
    
     

  • Anonymous
    2012-07-09

    I'm having this same problem on Ubuntu 12.04 with mysql 5.5 client. Our server is SSL auth only, so mysqldb is currently unusable for me. I know I can connect over ssl because the command line client works fine. I can also get oursql to work in python to connect over SSL.

    Here is the output of mysql_config for me:

        mysql_config

        Usage: /usr/bin/mysql_config [OPTIONS]
        Options:
        --cflags [-I/usr/include/mysql -DBIG_JOINS=1 -fno-strict-aliasing -g]
        --include [-I/usr/include/mysql]
        --libs [-L/usr/lib/x86_64-linux-gnu -lmysqlclient -lpthread -lz -lm -lrt -ldl]
        --libs_r [-L/usr/lib/x86_64-linux-gnu -lmysqlclient_r -lpthread -lz -lm -lrt -ldl]
        --plugindir [/usr/lib/mysql/plugin]
        --socket [/var/run/mysqld/mysqld.sock]
        --port [0]
        --version [5.5.24]
        --libmysqld-libs [-L/usr/lib/x86_64-linux-gnu -lmysqld -lpthread -lz -lm -lrt -lwrap -lcrypt -ldl]
        --variable=VAR VAR is one of:
        pkgincludedir [/usr/include/mysql]
        pkglibdir [/usr/lib/x86_64-linux-gnu]
        plugindir [/usr/lib/mysql/plugin]

     
  • Andy Dustman
    2012-07-09

    I don't see -lssl in your flags, which normally would indicate that your MySQL libraries don't have SSL support via OpenSSL. However I vaguely remember something about MySQL switching to GnuTLS for the SSL/TLS support, but then I don't think the relevant flags are there either. Try checking the Ubuntu bugs and maybe create one if you have to.

     

  • Anonymous
    2012-07-10

    Thanks for responding so quickly! I've been really digging for a bug on this, but I don't think it's an Ubuntu issue. It appears to me that MySQL 5.5 has built-in SSL support that doesn't require an external library. Maybe I'm reading it wrong?

    http://dev.mysql.com/doc/refman//5.5/en/secure-using-ssl.html

    Anyway, I tried supplying build_ext to setup.py to set the openssl flag, but that didn't seem to work either...

     
  • Andy Dustman
    2012-07-10

    Can you verify that the mysql command line client can connect with SSL?

     
  • Tom Lane
    2012-07-10

    The problem is that MySQL-python is assuming that my_config.h will define HAVE_OPENSSL if libmysqlclient is built with SSL support. This symbol is no longer provided by the mysql 5.5 configure script, so _mysql.c throws error whether there's SSL support or not.

    AFAICS it would be all right to remove the #if's and just unconditionally compile SSL support in _mysql.c, because mysql_set_ssl is supposed to exist regardless. I'm not sure whether mysql_real_connect will provide a pleasant error message when SSL support is disabled, though, because I have no such mysql build handy to try.

     

  • Anonymous
    2012-07-12

    I can certainly verify that the mysql 5.5 command line client can connect via SSL.

     
  • Andy Dustman
    2012-07-13

    I believe adding this bit to site.cfg will fix it:

        extra_compile_args = -DHAVE_OPENSSL

    The above is POSIX-dependent. Another way to fix this is to patch setup_posix.py or setup_windows.py to include this in the values of define_macros:

        ('HAVE_OPENSSL', None)

    Could probably also fix in _mysql.c. I haven't figured out what the best general way to fix this is, but it might be by testing the version number there.
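
An added example, not part of the thread or of MySQL-python: a fail-closed check an application can run after rebuilding with the HAVE_OPENSSL define, confirming both that the driver accepts the `ssl` argument and that the server reports a negotiated cipher for the session. `connect_encrypted`, `TLSRequired` and `fake_driver` are hypothetical names, and the fake driver is a constructed stand-in for MySQLdb so the block runs offline.

```python
# Added example: refuse to use a MySQL session unless it is verifiably encrypted.
# `dbapi` is any DB-API module shaped like MySQLdb (connect, NotSupportedError).
import types


class TLSRequired(Exception):
    """Raised when an encrypted session cannot be established or verified."""


def connect_encrypted(dbapi, ca_path, **params):
    """Connect with ssl={'ca': ...}, then verify the negotiated cipher."""
    try:
        conn = dbapi.connect(ssl={"ca": ca_path}, **params)
    except dbapi.NotSupportedError as exc:
        # The error in the traceback above: the extension was compiled
        # without HAVE_OPENSSL and rejects the ssl argument outright.
        raise TLSRequired("driver built without SSL support: %s" % exc)
    cur = conn.cursor()
    try:
        cur.execute("SHOW STATUS LIKE 'Ssl_cipher'")
        row = cur.fetchone()
    finally:
        cur.close()
    cipher = row[1] if row else ""
    if not cipher:
        # Connected, but in cleartext: close instead of running queries.
        conn.close()
        raise TLSRequired("session is not encrypted (empty Ssl_cipher)")
    return conn, cipher


def fake_driver(ssl_compiled_in, cipher):
    """Constructed stand-in for MySQLdb, for offline demonstration only."""
    class NotSupportedError(Exception):
        pass

    class Cursor(object):
        def execute(self, sql): pass
        def fetchone(self): return ("Ssl_cipher", cipher)
        def close(self): pass

    class Conn(object):
        def cursor(self): return Cursor()
        def close(self): pass

    def connect(ssl=None, **params):
        if ssl and not ssl_compiled_in:
            raise NotSupportedError("client library does not have SSL support")
        return Conn()
    return types.SimpleNamespace(connect=connect, NotSupportedError=NotSupportedError)
```

With the real driver the call would be `connect_encrypted(MySQLdb, ca_path, host=..., user=..., passwd=..., db=...)`, where the CA path and connection parameters are the application's own.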

     
  • Andy Dustman
    2012-09-07

    Your MySQL C client library (libmysqlclient) was not built with SSL support

     
  • Andy Dustman
    2012-09-07

    Should have reread the comments first

     