python MySQLdb : use ssl without certificate
I have a mysql server running on AWS that requires authentication over SSL (but no user certificates).
What I tried :
SequelPro (GUI) allows you to connect without a certificate:
It also works when using mysqlconnector with empty SSL parameters: ‘ssl_ca’: ‘'
. Unfortunately, MySQLdb does not.
I tried (using a connection string).
1.
conn = sqlalchemy.create_engine(
con_str,
connect_args={'ssl':{'ca': ''}})
pd.read_sql_query('select id from mytable limit 1', conn)
2.
conn = sqlalchemy.create_engine(
# the following is used to enforce mysqlconnector usage
con_str.replace("mysql:", "mysql+mysqlconnector:"),
connect_args={'ssl_ca':''})
pd.read_sql_query('select id from mytable limit 1', conn)
The second one works fine, the first one doesn’t. Of course, I also tried using the bare connectors (MySQLdb.connect() and mysql.connector.connect())
and got the same behavior and couldn’t put MySQLdb
to work.
Question:
Can you give me some tips on how to use SSL in MySQLdb without a certificate (and key)?
More background:
We switched from another provider to AWS, so unfortunately we no longer use ssh as before, now we use SSL. And I don’t manage the database, so I can’t implement it with a user certificate, I’m just forced to use SSL without any certificates.
A colleague explained that from a security point of view, this is okay because the server sends a certificate. We believe that he is the one that belongs to the corresponding URL because we believe in the CA.
Solution
It may not work in your case, but I also want to do that in pymysql, which seems to pass a dictionary containing any key works :
connect_args={'ssl': {'key': 'whatever'}}
But then I found out that mysql-connector-python tries SSL even without any parameters. I changed careers for another reason.