python 3.4.3、pymysql 0.6.7 和 0.7.1、mysql 5.5.23 和 5.5.4x 无法使用 ssl 选项连接到 mysql。 使用 mysql workbench 和 mysql-client 安全连接工作正常。 我在debian和windows的两台mysql服务器上测试过
这里是代码和解释
制作证书
openssl genrsa 2048 > ca-key.pem; \
openssl req -sha1 -new -x509 -nodes -days 3650 -key ca-key.pem > ca-cert.pem; \
openssl req -sha1 -newkey rsa:2048 -days 730 -nodes -keyout server-key.pem > server-req.pem; \
openssl x509 -sha1 -req -in server-req.pem -days 730 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > server-cert.pem; \
openssl rsa -in server-key.pem -out server-key.pem; \
openssl req -sha1 -newkey rsa:2048 -days 730 -nodes -keyout client-key.pem > client-req.pem; \
openssl x509 -sha1 -req -in client-req.pem -days 730 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 > client-cert.pem; \
openssl rsa -in client-key.pem -out client-key.pem;
用户创建
CREATE DATABASE dbname;
GRANT ALL PRIVILEGES ON dbname.* TO 'u1'@'%' IDENTIFIED BY '12345' REQUIRE SSL;
FLUSH PRIVILEGES;
代码
from __future__ import print_function
import pymysql
#conn = pymysql.connect(host='localhost', port=3306, user='root', passwd='', db='mysql')
conn = pymysql.connect(host='localhost', port=3306, user='u1', passwd='12345', db='dbname', ssl = {'key': 'ssl/client-key.pem', 'cert': 'ssl/client-cert.pem', 'ca': 'ssl/ca-cert.pem'})
cur = conn.cursor()
#cur.execute("SELECT Host,User FROM user")
cur.execute("SHOW TABLES")
print(cur.description)
print()
for row in cur:
print(row)
cur.close()
conn.close()
错误
Traceback (most recent call last):
File "C:\Python34\lib\site-packages\pymysql\connections.py", line 851, in connect
self._request_authentication()
File "C:\Python34\lib\site-packages\pymysql\connections.py", line 1017, in _request_authentication
ca_certs=self.ca)
File "C:\Python34\lib\ssl.py", line 890, in wrap_socket
ciphers=ciphers)
File "C:\Python34\lib\ssl.py", line 580, in __init__
self.do_handshake()
File "C:\Python34\lib\ssl.py", line 807, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "C:/Users/User/Py/prjct/test.py", line 24, in <module>
conn = pymysql.connect(host='localhost', port=3306, user='u1', passwd='12345', db='dbname', ssl = {'key': 'ssl/client-key.pem', 'cert': 'ssl/client-cert.pem', 'ca': 'ssl/ca-cert.pem'})
File "C:\Python34\lib\site-packages\pymysql\__init__.py", line 88, in Connect
return Connection(*args, **kwargs)
File "C:\Python34\lib\site-packages\pymysql\connections.py", line 657, in __init__
self.connect()
File "C:\Python34\lib\site-packages\pymysql\connections.py", line 882, in connect
raise exc
pymysql.err.OperationalError: (2003, "Can't connect to MySQL server on 'localhost' ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600))")
更新: 我错过了这部分说明:
```
Whatever method you use to generate the certificate and key files, the Common Name value used for the server and client certificates/keys must each differ from the Common Name value used for the CA certificate. Otherwise, the certificate and key files will not work for servers compiled using OpenSSL.
```
当 OpenSSL 提示您输入每个证书的通用名称时,请使用不同的名称。
但是它会帮助并引发新的错误:
首先-dhkey 不够用,我正在将测试 mysql 服务器更新到 5.7.11
它有助于并引发新的错误,即通用名称与 localhost 不匹配
我已经用新的通用名称 localhost
它再次向我显示错误 - ([SSL: CERTIFICATE_VERIFY_FAILED] 证书验证失败 (_ssl.c:600))
最佳答案
尝试:
conn = pymysql.connect(host='localhost', port=3306, user='u1', passwd='12345', db='dbname', ssl={'ssl': {'key': ' ssl/client-key.pem', 'cert': 'ssl/client-cert.pem', 'ca': 'ssl/ca-cert.pem'}})
有同样的问题,它对我有用。
关于python - peewee mysql SSL : CERTIFICATE_VERIFY_FAILED,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/35552029/