Opened 7 years ago

Closed 7 years ago

#28322 closed Cleanup/optimization (fixed)

Add support for mysql client certificates to dbshell

Reported by: Paul Tiplady Owned by: Paul Tiplady
Component: Core (Management commands) Version: 1.11
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: yes UI/UX: no

Description

A common security procedure for DB access is to require mutual TLS for the DB connection, e.g. as implemented by Google Cloud SQL for their hosted MySQL offering.

This involves specifying a server certificate, client certificate, and client key when connecting.

Django already supports this configuration, it looks like this:

DATABASES = {
        'default': {
            'ENGINE': 'django.db.backends.mysql',
            'HOST': db_host,
            'NAME': 'test',
            'USER': 'root',
            'PASSWORD': 'root',
            'OPTIONS': {
               'ssl': {
                    'ca': 'server-ca.pem',
                    'cert': 'client-cert.pem',
                    'key': 'client-key.pem',
                }
            },
        },
    }

However the dbshell command does not support the client cert params ('cert' and 'key'), though it is aware of the server cert param 'ca'.

Should be a trivial fix to add in support for the other 'ssl' parameters required here, I'll take a look.

Change History (3)

comment:1 by Tim Graham, 7 years ago

Component: Database layer (models, ORM)Core (Management commands)
Summary: `manage.py dbshell` does not support mysql client certificatesAdd support for mysql client certificates to dbshell
Triage Stage: UnreviewedAccepted
Type: UncategorizedCleanup/optimization

comment:2 by Paul Tiplady, 7 years ago

Has patch: set

Pull request here: https://github.com/django/django/pull/8657

(Needs CLA, I'm currently running that by legal).

This is my first contribution to Django so please nitpick if I've done something slightly wrong ;)

comment:3 by Tim Graham <timograham@…>, 7 years ago

Resolution: fixed
Status: assignedclosed

In 335a8d78:

Fixed #28322 -- Added dbshell support for MySQL client TLS certs.

Note: See TracTickets for help on using tickets.
Back to Top