[CONPY-147] Upgrade from version 1.0.1 to 1.02 or above gets SSL self signed certificate error Created: 2021-03-12  Updated: 2021-12-11  Resolved: 2021-12-11

Status: Closed
Project: MariaDB Connector/Python
Component/s: Generic, Installation
Affects Version/s: 1.0.2, 1.0.6
Fix Version/s: N/A

Type: Bug Priority: Minor
Reporter: Carlos Quental Assignee: Georg Richter
Resolution: Not a Bug Votes: 0
Labels: None
Environment:

Client:

  • Ubuntu Xenial 16.04
  • Python3.6
    SSL cert creation:
  • OpenSSL 1.0.2g
    Server version:
  • 10.1.44-MariaDB-0ubuntu0.18.04.1 Ubuntu 18.04
    Python 3.6.11


 Description   

What I want:

Upgrade MariaDB Connector/Python from version 1.0.1 to any more recent versions.

Problem:

I get an error when using mariadb.connect():

SSL connection error: self signed certificate

What I did:
Because of some technical limitations, I have to compile and install MariaDB Connector/Python on a build machine and then move the resulting files to the machine that runs the Python code.
I have been following these instructions:
https://mariadb.com/kb/en/about-mariadb-connector-odbc/#installing-mariadb-connectorodbc-on-debianubuntu

With 1.0.1 I can connect with TLS with this code:

[truncated]
 
    ssl = { 'ssl_ca': ca_path }
 
 
 
 
 
        conn = mariadb.connect(
 
            user = user,
 
            password = pwd,
 
            host = host,
 
            port = port,
 
            database = db_name,
 
            ssl = ssl
 
        )
 
[truncated]

With 1.0.2 and above, that code returns this error:

    ssl = ssl
 
TypeError: an integer is required (got type dict)

This is easily fixable with this code:

        conn = mariadb.connect(
 
            user = user,
 
            password = pwd,
 
            host = host,
 
            port = port,
 
            database = db_name,
 
            ssl_ca = ca_path,
 
        )

But then, we get a new error, which is what I need help with:

SSL connection error: self signed certificate

I don't know what makes this error show up from version 1.0.1 to 1.0.2, and I can't find relevant information on the internet.

Some additional info:

OpenSSL:

OpenSSL> version
 
OpenSSL 1.0.2g  1 Mar 2016

MariaDB SSL vars:

MariaDB [(none)]> SHOW VARIABLES LIKE '%ssl%';
 
+---------------------+------------------------------------------+
 
| Variable_name       | Value                                    |
 
+---------------------+------------------------------------------+
 
| have_openssl        | NO                                       |
 
| have_ssl            | YES                                      |
 
| ssl_ca              | /etc/mysql/certificates//ca.pem          |
 
| ssl_capath          |                                          |
 
| ssl_cert            | /etc/mysql/certificates//server-cert.pem |
 
| ssl_cipher          |                                          |
 
| ssl_crl             |                                          |
 
| ssl_crlpath         |                                          |
 
| ssl_key             | /etc/mysql/certificates//server-key.pem  |
 
| version_ssl_library | YaSSL 2.4.4                              |
 
+---------------------+------------------------------------------+
 
10 rows in set (0.00 sec)
 
 
 
MariaDB [(none)]> show session status like 'ssl_version';
 
+---------------+-------+
 
| Variable_name | Value |
 
+---------------+-------+
 
| Ssl_version   | TLSv1 |
 
+---------------+-------+
 
1 row in set (0.00 sec)
 
 
 
MariaDB [(none)]> show session status like 'ssl_cipher';
 
+---------------+--------------------+
 
| Variable_name | Value              |
 
+---------------+--------------------+
 
| Ssl_cipher    | DHE-RSA-AES256-SHA |
 
+---------------+--------------------+
 
1 row in set (0.00 sec)



 Comments   
Comment by José Manuel Santamaría Lema [ 2021-12-10 ]

Hello,

I work on the same company Carlos used to work, we tested with ubuntu 20.04 and python mariadb 1.0.8 and aparently we have no longer this problem, so I think this bug can be closed.

Just for the record, we had to change our code like this:

[truncated]
 
        conn = mariadb.connect(
 
            user = user,
 
            password = pwd,
 
            host = host,
 
            port = port,
 
            database = db_name,
 
            ssl = True,
 
            ssl_ca = ca_path
 
        )
 
[truncated]

Generated at Thu Feb 08 03:30:36 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.