可以将文章内容翻译成中文,广告屏蔽插件可能会导致该功能失效(如失效,请关闭广告屏蔽插件后再试):
问题:
I'm trying to connect Django to a mysql database which is accessible through an ssl connection. How do I configure this?
My first guess would be setting the 'OPTIONS' property of the database definition. However, I can't find info on what possible options to use. The option 'ssl': '/map/to/ca-cert.pem' does not work.
The following command seems to work:
mysql -h url.to.host -u lizard -p --ssl-ca=./ca-cert.pem
Edit: Ok I'm looking at the python-mysqldb documentation... maybe I can find the answer there.
回答1:
Django uses the Python MySQLdb library to interface with MySQL. Looking at the MySQLdb connection documentation, it looks like the ssl option requires a dictionary argument. So this might work:
'OPTIONS': {'ssl': {'key': '/map/to/ca-cert.pem'}}
回答2:
The mysql client must be provided with three keys:
CA cert client cert client key
See the Mysql documentation for the instructions for creating these keys and setting up the server: http://dev.mysql.com/doc/refman/5.5/en/creating-ssl-certs.html
NOTE: There is an open issue that seems to be related to using openssl v1.0.1 to create the certificates for mysql 5.5.x (http://bugs.mysql.com/bug.php?id=64870)
This is an example entry for the Django settings file:
DATABASES = { 'default': { 'ENGINE': 'django.db.backends.mysql', 'NAME': '<DATABASE NAME>', 'USER': '<USER NAME>', 'PASSWORD': '<PASSWORD>', 'HOST': '<HOST>', 'PORT': '3306' 'OPTIONS': { 'ssl': {'ca': '<PATH TO CA CERT>', 'cert': '<PATH TO CLIENT CERT>', 'key': '<PATH TO CLIENT KEY>' } } } }
回答3:
I was getting a "SSL connection error: SSL_CTX_set_default_verify_paths failed') "error when running python manage.py migrate
I used pip to install django-mysql-ssl package. It still wasn't working. I had to change "ca" to "ssl-ca" and now it works.
'OPTIONS': { 'ssl': {'ssl-ca': '<PATH TO CA CERT>', } }
I'm not sure if it is actually using encryption, but it no longer throws an error. I am running local django app connected to an AWS mariaDB instance.
翻译