SSL Connection error when trying to connect to aurora instance - python

I'm trying to run a python script through a cronjob inside my EKS cluster. When it tries to connect to my aurora instance, it fails stating that I'm using an unsupported SSL protocol.
unsupported protocol log trace
Any clue? The aurora's mysql version is 5.6, the python is 3.8 and the mysql connector package is 8.0.25

Even though the actual error message is a little different, I'm guessing this is most likely related to the missing TLS certificate issue stated here.
You should probably have the certificate available to the pod/cronjob you are trying to run in the cluster.

Related

sslmode value "require" invalid when SSL support is not compiled in

I'm trying to run my python code on AWS Lambda to send data to my postgres DB on Heroku. The code works totally fine in my local, but when I test it on AWS, I keep getting this error message:
[ERROR] OperationalError: sslmode value "require" invalid when SSL support is not compiled in
FYI, I'm running this on python 3.8 with psycopg2, enabling the sslmode=require when connecting postgres via psycopg2.
Has anyone encountered a similar issue?

Cannot connect to MySQL server Azure from python

I've been trying to connect to a MySQL database remotely but I keep getting the error:
2055: Lost connection to MySQL server at 'local.mysql.database.azure.com:3306', system error: 1 [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1045)
Using the exact same connection details I am able to connect to the database through MySQL Workbench and through Node. For some reason the connection won't go through in python.
This user was not created to require SSL.
I've been trying to figure out the problem but I'm drawing blanks.
Below is my python login block.
config = {
    'host': 'local.mysql.database.azure.com',
    'user': 'user#local',
    'password': 'password',
    'database': 'random_db'
}
I've been able to connect to a MySQL instance on the Google Cloud Platform with the exact same connection block but it doesn't work for the Azure connection. I've looked for differences between the two platforms which could have caused this and the only thing I could find was that the Azure MySQL version was 5.7.32log while the GCP was 8.0.18.
I am also currently running python 3.7.0, not sure if that changes anything.
Is there another module I could use if that is the problem, or do I need to downgrade something? I have no idea.
According to this 5.7.29 is the latest 5.7 supported so 5.7.32 would give wrong version error.
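A diagnostic that applies to the two MySQL threads above (the Aurora 5.6 and the Azure 5.7 connections), added here as an example and not taken from any of the posts: a MySQL server sends its greeting in cleartext before any TLS negotiation, so the server version string and whether the server offers TLS at all can be read from that first packet. The sample packets are constructed and the function names are this example's own.

```python
import socket
import struct

CLIENT_SSL = 0x0800  # capability bit: server is willing to switch the session to TLS


def parse_greeting(packet: bytes) -> dict:
    """Parse a MySQL Protocol::HandshakeV10 greeting (the first packet the server sends)."""
    if len(packet) < 5:
        raise ValueError("packet too short for a MySQL header")
    length = int.from_bytes(packet[:3], "little")    # 3-byte little-endian payload length
    payload = packet[4:4 + length]                   # packet[3] is the sequence id
    if len(payload) != length:
        raise ValueError("truncated payload")
    if payload[0] == 0xFF:                           # ERR packet instead of a greeting
        code = struct.unpack_from("<H", payload, 1)[0]
        raise ValueError(f"server sent error {code} instead of a greeting")
    if payload[0] != 10:
        raise ValueError(f"unexpected protocol version {payload[0]}")
    end = payload.index(b"\x00", 1)                  # version string is NUL-terminated
    version = payload[1:end].decode("ascii", "replace")
    pos = end + 1 + 4 + 8 + 1                        # skip NUL, thread id, 8 salt bytes, filler
    if len(payload) < pos + 2:
        raise ValueError("greeting ends before the capability flags")
    caps = struct.unpack_from("<H", payload, pos)[0]  # lower 16 capability bits
    return {"server_version": version, "offers_tls": bool(caps & CLIENT_SSL)}


def fetch_greeting(host: str, port: int = 3306, timeout: float = 5.0) -> bytes:
    """Read the greeting from a live server; the client sends nothing first."""
    with socket.create_connection((host, port), timeout=timeout) as s, s.makefile("rb") as f:
        header = f.read(4)
        return header + f.read(int.from_bytes(header[:3], "little"))


def build_sample(version: bytes, caps: int) -> bytes:
    """Constructed greeting for offline testing (thread id and salt are dummy values)."""
    payload = (b"\x0a" + version + b"\x00" + struct.pack("<I", 42)
               + b"saltsalt" + b"\x00" + struct.pack("<H", caps))
    return len(payload).to_bytes(3, "little") + b"\x00" + payload


if __name__ == "__main__":
    # Constructed samples: one server advertising TLS, one with the CLIENT_SSL bit cleared.
    print(parse_greeting(build_sample(b"5.7.32-log", 0xFFFF)))
    print(parse_greeting(build_sample(b"5.6.10", 0xFFFF & ~CLIENT_SSL)))
```

Against a reachable server, `parse_greeting(fetch_greeting(host))` shows the same two fields; which TLS protocol versions the server then accepts is negotiated after this packet and is not visible in it.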

Python MySQLdb cannot connect to server, SSL Issue

_mysql_exceptions.OperationalError: (2026, 'SSL connection error: SSL_CTX_set_tmp_dh failed')
is thrown at me when I try to run my script which connects to my SQL server.
I installed MySQLdb via conda. I've read that this may be an openssl issue, but I'm having trouble downgrading that as well.
Based on this answer.
I got the answer: https://dev.mysql.com/doc/refman/5.7/en/data-directory-initialization.html
shell> bin/mysql_ssl_rsa_setup
If you want to deploy the server with automatic support for secure connections, use the mysql_ssl_rsa_setup utility to create default SSL and RSA files
More information here
I was able to fix this by using mysql.connector instead of importing MySQLdb in my python scripts

Error when connecting to DB2 with ibm_db with SSL

I am trying to connect to DB2 using python module ibm_db with SSL and I get the following error
conn = ibm_db.connect("DATABASE=myDB;HOSTNAME=xx.xx.xxx.xxx;PORT=nnn;PROTOCOL=TCPIP;SECURITY=SSL;SSLServerCertificate=./myFile.arm;UID=<username>;PWD=<password>;","","")
stmt = ibm_db.exec_immediate(conn, "delete from myschema.mytable")
I get the following exception
Exception: [IBM][CLI Driver] SQL30081N A communication error has been detected. Communication protocol being used: "SSL". Communication API being used: "SOCKETS". Location where the error was detected: "". Communication function detecting the error: "sqlccSSLSocketSetup". Protocol specific error code(s): "414", "*", "*". SQLSTATE=08001 SQLCODE=-30081
I have spent several hours trying to debug. Can't make any progress here
Any help will be appreciated.
Tinniam,
How is your gskit keystore (i.e. .kdb) and stash file (i.e. .sth file - file storing encrypted password for the keystore) created?
Was it created locally with the same version on the client machine or was it created by someone on another machine that has a different version of gskit?
There is a known gskit incompatibility issue ( http://www-01.ibm.com/support/docview.wss?uid=swg22014693). A stash file generated with version GSKit 8.0.50.69 and newer versions cannot be read by lower version and it will return exactly gskit 414 error.
Check the gskit on where your keystore and stash file are created and the version that the client is using. There is a gsk8ver_64 tool in sqllib/gskit/bin to tell you the version.
If indeed, you have hit the incompatibility issue, you need to either upgrade your client to use the version of Db2 that has gskit on the newer boundary release OR: find an older version of Db2 server such as 10.5 fp9 and generate a new keystore and stash file with the lower version of gskit.
NOTE: newer version of gskit can read stash created by lower version. But stash file created by 8.0.50.69 and newer versions is not readable by gskit version that is lower than 8.0.50.69 release.
Hope this helps solve your issue.
Kevin See
Db2 Hybrid Cloud Security Team
I had the same issue today while opening an SSL connection from a Db2 Client to a Db2 server.
SQL30081N with error code 414. Db2 docs pointed to this https://www.ibm.com/support/knowledgecenter/en/SSVJJU_6.3.0/com.ibm.IBMDS.doc/progref506.htm and the hint was
414 – Incorrectly formatted certificate received from partner.
We figured out sometime later, we have just imported the public key of our server into the client trust keyring. Correct is to import only the public keys of the root server and the intermediate server into the client trust store. You do not need to import the server public key (signed by the intermediate server) into the client trust store.
I hope, the original poster has already found a solution and I just wanted to leave here my solution for the next person with the same issue.
I would recommend to investigate how the SSL / TLS communication is configured, how the certificate is managed.
The SSL-specific error is documented as GSKit issue related to certificates. You probably have checked the recommendations for the error SQL30081N. The error SQL30081N even has protocol-specific details for the error codes.

Flask app fails to render when deploying code to Azure Web with a database connection, but works fine from local server

I have an Azure web app with a Flask template. I want it to connect to a SQL database. I made one. I installed pymssql. For testing purposes I added to the views.py in the root folder:
import pymssql
conn = pymssql.connect(server='mydb.database.windows.net', user='mydbnameadmin#mydb', password='secret', database='mydb')
I first tested locally on my kubuntu box. To make sure I was getting a connection, I entered the wrong password, and the server threw an error. I entered it correctly and the error disappeared. Cool. Also the SQL dashboard on the azure portal reported successful connections. So then I pushed my changes (including updating the requirements.txt) to my github repo and it was sucked into my web application. When I tried running the web app, on the index page:
The page cannot be displayed because an internal server error has
occurred.
After turning on and inspecting the detailed logs all I get is:
HTTP Error 500.0 - Internal Server Error
The page cannot be displayed because an internal server error has occurred.
Most likely causes:
IIS received the request; however, an internal error occurred during the processing of the request. The root cause of this error depends on which module handles the request and what was happening in the worker process when this error occurred.
IIS was not able to access the web.config file for the Web site or application. This can occur if the NTFS permissions are set incorrectly.
IIS was not able to process configuration for the Web site or application.
The authenticated user does not have permission to use this DLL.
The request is mapped to a managed handler but the .NET Extensibility Feature is not installed.
IIS. What's that doing here? I thought MS was trendy and hosted this service on a linux box 0_0
I remove the second line
conn = pymssql.connect(server='mydb.database.windows.net', user='mydbnameadmin#mydb', password='secret', database='mydb')
and the error disappeared. If I run a server locally, which still uses the Azure SQL server, I don't have any issues.
This seems to be the same issue I have:
https://social.msdn.microsoft.com/Forums/sqlserver/en-US/e20bb2a3-bdbe-4e49-8b92-b36fe50577da/having-trouble-deploying-flask-app-into-azure-with-azure-database?forum=windowsazurewebsitespreview&prof=required
but they say whether they actually got it working with a SQL database...
what do people think?
Thanks
my requirements.txt
alembic==0.7.7
azure==0.11.1
Flask==0.10.1
Flask-Migrate==1.5.0
Flask-Script==2.0.5
Flask-SQLAlchemy==2.0
futures==3.0.3
itsdangerous==0.24
Jinja2==2.8
Mako==1.0.1
MarkupSafe==0.23
pymssql==2.1.1
python-dateutil==2.4.2
six==1.9.0
SQLAlchemy==1.0.8
Werkzeug==0.10.4
wheel==0.24.0
Per my understanding, Azure Web sites are hosted on Windows Server 2012 VM by default, which would not install FreeTDS and also we don't have permission to install it. And the pymssql is based on FreeTDS.
So we can use pyodbc to connect the Azure SQL as a workaround way to handle it in ease.
I was able to successfully connect my Python code to a SQL Database on Azure using the pymssql 2.1 library.
I don't know if this is what is causing the problem but I did include a couple of extra parameters in my connection string... maybe that will help. I specified the driver explicitly and the Encrypt parameter since SSL is always enabled for SQL Azure (I believe)
import pyodbc

# Adjacent string literals are concatenated into one ODBC connection string
myConnection = pyodbc.connect('Driver={SQL Server};'
                              'Server=tcp:1234567.database.windows.net,1433;'
                              'Database=MyAzureDatabase;'
                              'Uid=geekgirl#123456;Pwd=abcdef;'
                              'Encrypt=yes')
If that doesn't work, maybe try adding some error handling around the connect statement to try and get a more specific error message.
Fingers crossed!
I had this problem, but I eventually realized it was because I was using the 64-bit version of Python in Visual Studio, but Azure only supports the 32-bit version.
I was seeing:
DLL load failed: %1 is not a valid Win32 application.
Once I switched to installing and using the 32-bit version I was able to use Flask and pyodbc with no problems.
