All geek questions in one place

SSL certification error> hostname does not match

I am trying to connect to the Google Cloud MYSQL server using SSL certificates and the Pyythys module for python with the following line:

connection = pymysql.connect(host=os.environ['SQL_HOST_IP'], user=os.environ['SQL_USER'], password = os.environ['SQL_PASSWORD'],
db='main', charset='utf8mb4', cursorclass=pymysql.cursors.DictCursor, 
ssl={'key': 'client-key.pem', 'cert': 'client-cert.pem', 'ca': 'server-ca.pem'})

Sorry, I keep getting the following error:

ssl.CertificateError: hostname 'SQL_IP_ADDRESS' doesn't match '$ALIAS_FROM_SELF_SIGNED_SSL_CERT'

I searched for this problem but cannot find a fix that does not involve monkeypatching ssl code to skip the ssl check. I explicitly list the IP address of the SQL node, but the ssl check is suspended during ssl.match_hostname, because the ssl certificates are self-signed with a different host name.

I am sure my keys are valid, as I can connect to them using Ruby (Windows / Linux) and linux mysql CLI. This seems to be a problem with ssl.match_hostname. It looks like this question and this one , but both bypassed the problem.

Is there a way to properly handle self-signed SSL certificates in Python.

+4
source share
1 answer

Although the solution to your answer problem was rejected as a merge request here: https://github.com/PyMySQL/PyMySQL/pull/555

You have the option to disable check_hostname . This works in version "0.7.11"

ssl_options = {
    'key': 'client-key.pem',
    'cert': 'client-cert.pem',
    'ca': 'server-ca.pem',
    'check_hostname': False
}

connection = pymysql.connect(
    host=os.environ['SQL_HOST_IP'],
    user=os.environ['SQL_USER'],
    password = os.environ['SQL_PASSWORD'],
    db='main', 
    charset='utf8mb4', 
    cursorclass=pymysql.cursors.DictCursor, 
    ssl=ssl_options
)
+1
source

Source: https://habr.com/ru/post/1671441/

More articles:


All Articles