Opened 7 years ago
Closed 7 years ago
#28322 closed Cleanup/optimization (fixed)
Add support for mysql client certificates to dbshell
| Reported by: | Paul Tiplady | Owned by: | Paul Tiplady |
|---|---|---|---|
| Component: | Core (Management commands) | Version: | 1.11 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Accepted | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | yes | UI/UX: | no |
Description
A common security procedure for DB access is to require mutual TLS for the DB connection, e.g. as implemented by Google Cloud SQL for their hosted MySQL offering.
This involves specifying a server certificate, client certificate, and client key when connecting.
Django already supports this configuration, it looks like this:
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'HOST': db_host,
'NAME': 'test',
'USER': 'root',
'PASSWORD': 'root',
'OPTIONS': {
'ssl': {
'ca': 'server-ca.pem',
'cert': 'client-cert.pem',
'key': 'client-key.pem',
}
},
},
}
However the dbshell command does not support the client cert params ('cert' and 'key'), though it is aware of the server cert param 'ca'.
Should be a trivial fix to add in support for the other 'ssl' parameters required here, I'll take a look.
Change History (3)
comment:1 by , 7 years ago
| Component: | Database layer (models, ORM) → Core (Management commands) |
|---|---|
| Summary: | `manage.py dbshell` does not support mysql client certificates → Add support for mysql client certificates to dbshell |
| Triage Stage: | Unreviewed → Accepted |
| Type: | Uncategorized → Cleanup/optimization |
comment:2 by , 7 years ago
| Has patch: | set |
|---|
Note:
See TracTickets
for help on using tickets.
Pull request here: https://github.com/django/django/pull/8657
(Needs CLA, I'm currently running that by legal).
This is my first contribution to Django so please nitpick if I've done something slightly wrong ;)