Formed in 2009, the Archive Team (not to be confused with the archive.org Archive-It Team) is a rogue archivist collective dedicated to saving copies of rapidly dying or deleted websites for the sake of history and digital heritage. The group is 100% composed of volunteers and interested parties, and has expanded into a large amount of related projects for saving online and digital history.
Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Sign upAdd MySQL Connector/Python compatible SSL options. #903
+201
−10
Conversation
moriyoshi
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Background of the modification
This patch adds a bunch of connection arguments that are compatible with MySQL Connector/Python.
https://dev.mysql.com/doc/connector-python/en/connector-python-connectargs.html
The rationale for the change is that SQLAlchemy propagates the parameters specified in the DSN's query to the constructor arguments as they are, which means it cannot build a structured parameter to give it to the underlying connection factory.
MySQL Connector/Python can take unstructued TLS parameters so it plays well with SQLAlchemy.
Details
This patch adds the following arguments:
ssl_ca: Path to the file that contains a PEM-formatted CA certificatessl_cert: Path to the file that contains a PEM-formatted client certificatessl_disabled: A boolean value that disables usage of TLSssl_key: Path to the file that contains a PEM-formatted private key for the client certificatessl_verify_cert: Set to true to check the validity of server certificatesssl_verify_identity: Set to true to check the server's identityThis patch also introduces the following key for the dictionary that is supposed to be passed through
sslargument, which effectively closes #842.verify_mode:noneforssl.CERT_NONE,optionalforssl.CERT_OPTIONALandrequiredforssl.CERT_REQUIRED