[Bug 1027075] Re: SSL support broken, despite SSL support in command line mysql client

Lloyd Kvam 1027075 at bugs.launchpad.net
Fri Mar 29 13:25:40 UTC 2013 

SRU Bug Template

[Impact]

 * A change in MySQL confused the python-mysqldb (version 1.2.3) build
process into omitting SSL support.  Andy Dustman, the upstream author,
dealt with this by adding this patch.  It simply checks for the new
MySQL versions and automatically sets the proper C macro variable to
enable SSL support in the Python module.

 * MySQL supports SSL encrypted connections which is very handy for
remote clients connecting over the Internet.  This was originally
working in the stable release, but was inadvertently lost in the Python
module due to the change in MySQL.

 * The patch simply enables the interface module to create and use the
additional variables required to support SSL connections.

[Test Case]

 * detailed instructions how to reproduce the bug:
I am omitting the detailed instructions.  There is a fair amount of setup work with certificates and a remote MySQL server to test ssl connections.  Applying this patch fixed the failure for me.

 * these should allow someone who is not familiar with the affected
   package to reproduce the bug and verify that the updated package fixes
   the problem.

[Regression Potential]

 * People rebuilding from source could foul up the SSL dependencies so
that they could specify SSL parameters within a python-mysqldb
connection request, but not have SSL support in their compiled versions
of the MySQL client libraries.

My usage includes both SSL connections and unencrypted "regular"
connections.  All work fine.

[Other Info]
 
The need for this patch disappears when you catch up to the latest python-mysqldb.  

I had problems when I attempted to compile the most recent version of
python-mysqldb in the 1.2 series on my Ubuntu 12.04 system.  That's why
I settled for the simple patch to enable SSL without picking up other
changes.  It appears that Debian is your upstream source for python-
mysqldb.  I presume they will understand and deal with any additional
changes forced by the later versions.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to python-mysqldb in Ubuntu.
https://bugs.launchpad.net/bugs/1027075

Title:
  SSL support broken, despite SSL support in command line mysql client

Status in “python-mysqldb” package in Ubuntu:
  Fix Released
Status in “python-mysqldb” package in Debian:
  Fix Released

Bug description:
  With python-mysqldb 1.2.3-1build1 in Ubuntu "precise", when connecting
  with SSL enabled, mysqldb fails due to missing support:

    File "/usr/lib/python2.7/dist-packages/MySQLdb/__init__.py", line 81, in Connect
      return Connection(*args, **kwargs)
    File "/usr/lib/python2.7/dist-packages/MySQLdb/connections.py", line 187, in __init__
      super(Connection, self).__init__(*args, **kwargs2)
  _mysql_exceptions.NotSupportedError: client library does not have SSL support

  Here's a test script:

  #! /usr/bin/python
  import MySQLdb
  ssl =  { 'key':  'key.pem', 'cert': 'cert.pm', 'ca': 'ca.pem', }
  self.mysqlconnection = MySQLdb.connect( ssl=ssl, host='localhost', user='anyuser', db='anydb', passwd='anypassword' )

  There is some rumour of a change in the output of mysql_config, which
  no longer says -lssl -lcrypto and -DHAVE_OPENSSL:

  $ mysql_config 
  Usage: /usr/bin/mysql_config [OPTIONS]
  Options:
          --cflags         [-I/usr/include/mysql -DBIG_JOINS=1  -fno-strict-aliasing  -g]
          --include        [-I/usr/include/mysql]
          --libs           [-L/usr/lib/i386-linux-gnu -lmysqlclient -lpthread -lz -lm -lrt -ldl]
          --libs_r         [-L/usr/lib/i386-linux-gnu -lmysqlclient_r -lpthread -lz -lm -lrt -ldl]
          --plugindir      [/usr/lib/mysql/plugin]
          --socket         [/var/run/mysqld/mysqld.sock]
          --port           [0]
          --version        [5.5.24]
          --libmysqld-libs [-L/usr/lib/i386-linux-gnu -lmysqld -lpthread -lz -lm -lrt -lwrap -lcrypt -ldl]

  Suddenly SSL based mysql connections that worked are busted.  This is
  possibly part of a larger conspiracy to make SSL suck even more than
  it already does :-)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-mysqldb/+bug/1027075/+subscriptions

More information about the foundations-bugs mailing list