Uploaded image for project: 'MariaDB Connector/Python'
  1. MariaDB Connector/Python
  2. CONPY-147

Upgrade from version 1.0.1 to 1.02 or above gets SSL self signed certificate error

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 1.0.2, 1.0.6
    • Fix Version/s: None
    • Component/s: Installation
    • Labels:
      None
    • Environment:
      Client:
      - Ubuntu Xenial 16.04
      - Python3.6
      SSL cert creation:
      - OpenSSL 1.0.2g
      Server version:
      - 10.1.44-MariaDB-0ubuntu0.18.04.1 Ubuntu 18.04
      Python 3.6.11

      Description

      What I want:

      Upgrade MariaDB Connector/Python from version 1.0.1 to any more recent versions.

      Problem:

      I get an error when using mariadb.connect():

      SSL connection error: self signed certificate
      

      What I did:
      Because of some technical limitations, I have to compile and install MariaDB Connector/Python on a build machine and then move the resulting files to the machine that runs the Python code.
      I have been following these instructions:
      https://mariadb.com/kb/en/about-mariadb-connector-odbc/#installing-mariadb-connectorodbc-on-debianubuntu

      With 1.0.1 I can connect with TLS with this code:

      [truncated]
          ssl = { 'ssl_ca': ca_path }
       
       
              conn = mariadb.connect(
                  user = user,
                  password = pwd,
                  host = host,
                  port = port,
                  database = db_name,
                  ssl = ssl
              )
      [truncated]
      

      With 1.0.2 and above, that code returns this error:

          ssl = ssl
      TypeError: an integer is required (got type dict)
      

      This is easily fixable with this code:

              conn = mariadb.connect(
                  user = user,
                  password = pwd,
                  host = host,
                  port = port,
                  database = db_name,
                  ssl_ca = ca_path,
              )
      

      But then, we get a new error, which is what I need help with:

      SSL connection error: self signed certificate
      

      I don't know what makes this error show up from version 1.0.1 to 1.0.2, and I can't find relevant information on the internet.

      Some additional info:

      OpenSSL:

      OpenSSL> version
      OpenSSL 1.0.2g  1 Mar 2016
      

      MariaDB SSL vars:

      MariaDB [(none)]> SHOW VARIABLES LIKE '%ssl%';
      +---------------------+------------------------------------------+
      | Variable_name       | Value                                    |
      +---------------------+------------------------------------------+
      | have_openssl        | NO                                       |
      | have_ssl            | YES                                      |
      | ssl_ca              | /etc/mysql/certificates//ca.pem          |
      | ssl_capath          |                                          |
      | ssl_cert            | /etc/mysql/certificates//server-cert.pem |
      | ssl_cipher          |                                          |
      | ssl_crl             |                                          |
      | ssl_crlpath         |                                          |
      | ssl_key             | /etc/mysql/certificates//server-key.pem  |
      | version_ssl_library | YaSSL 2.4.4                              |
      +---------------------+------------------------------------------+
      10 rows in set (0.00 sec)
       
      MariaDB [(none)]> show session status like 'ssl_version';
      +---------------+-------+
      | Variable_name | Value |
      +---------------+-------+
      | Ssl_version   | TLSv1 |
      +---------------+-------+
      1 row in set (0.00 sec)
       
      MariaDB [(none)]> show session status like 'ssl_cipher';
      +---------------+--------------------+
      | Variable_name | Value              |
      +---------------+--------------------+
      | Ssl_cipher    | DHE-RSA-AES256-SHA |
      +---------------+--------------------+
      1 row in set (0.00 sec)
      
      

        Attachments

          Activity

            People

            Assignee:
            georg Georg Richter
            Reporter:
            carlos_as Carlos Quental
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:

                Git Integration