Opened 7 years ago
Closed 7 years ago
#28322 closed Cleanup/optimization (fixed)
Add support for mysql client certificates to dbshell
Reported by: | Paul Tiplady | Owned by: | Paul Tiplady |
---|---|---|---|
Component: | Core (Management commands) | Version: | 1.11 |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Accepted | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | yes | UI/UX: | no |
Description
A common security procedure for DB access is to require mutual TLS for the DB connection, e.g. as implemented by Google Cloud SQL for their hosted MySQL offering.
This involves specifying a server certificate, client certificate, and client key when connecting.
Django already supports this configuration, it looks like this:
DATABASES = { 'default': { 'ENGINE': 'django.db.backends.mysql', 'HOST': db_host, 'NAME': 'test', 'USER': 'root', 'PASSWORD': 'root', 'OPTIONS': { 'ssl': { 'ca': 'server-ca.pem', 'cert': 'client-cert.pem', 'key': 'client-key.pem', } }, }, }
However the dbshell command does not support the client cert params ('cert' and 'key'), though it is aware of the server cert param 'ca'.
Should be a trivial fix to add in support for the other 'ssl' parameters required here, I'll take a look.
Change History (3)
comment:1 by , 7 years ago
Component: | Database layer (models, ORM) → Core (Management commands) |
---|---|
Summary: | `manage.py dbshell` does not support mysql client certificates → Add support for mysql client certificates to dbshell |
Triage Stage: | Unreviewed → Accepted |
Type: | Uncategorized → Cleanup/optimization |
comment:2 by , 7 years ago
Has patch: | set |
---|
Pull request here: https://github.com/django/django/pull/8657
(Needs CLA, I'm currently running that by legal).
This is my first contribution to Django so please nitpick if I've done something slightly wrong ;)