dj-database-url icon indicating copy to clipboard operation
dj-database-url copied to clipboard

Published 20 hours ago verified publisher icon jazzband

heroku+django+mysql: sslmode not supported.

Open lwaite opened this issue 6 years ago • 16 comments

Based on docs: there's no 'sslmode' attribute. The following code gives me the exception: 'sslmode' is an invalid keyword argument. This issue is possibly related to other backends like sqlite as well.

Workaround: On settings.py after: django_heroku.settings(locals()) add: del DATABASES['default']['OPTIONS']['sslmode']

lwaite avatar Jul 18 '18 20:07 lwaite

Thank you very much !

marcpozzi avatar Aug 09 '18 00:08 marcpozzi

We should definitely support this without a workaround.

Is there a reason that sslmode shouldn't be the default?

jacobian avatar Jul 24 '19 14:07 jacobian

I got this error: del DATABASES['default']['OPTIONS']['sslmode'] KeyError: 'OPTIONS'

AminuIsrael avatar Oct 03 '19 23:10 AminuIsrael

Same - I'm getting a KeyError whenever I try to do anything after using del DATABASES['default']['OPTIONS']['sslmode']

nwthomas avatar Oct 16 '19 05:10 nwthomas

I got it fixed, don't add that code to the settings.py file, use your default database and you should be fine

AminuIsrael avatar Oct 16 '19 08:10 AminuIsrael

I got it fixed, don't add that code to the settings.py file, use your default database and you should be fine

what do you mean by "use your default database"?

sheoak avatar Mar 30 '20 11:03 sheoak

thats funny. How when installing wooey I got the sslmode error, then when I added that line of code it fixed it, just to get the Options key error later when running ./manage.py addscript for wooey. Just delete and use the default database and back to normal workflow.

robomantis19 avatar May 01 '20 00:05 robomantis19

To fix this error, just use

django_heroku.settings(locals())

At the end of the line, No need adding

del DATABASES['default']['OPTIONS']['sslmode']

AminuIsrael avatar May 01 '20 03:05 AminuIsrael

Thank you.

eshwetak avatar Dec 05 '20 10:12 eshwetak

not working for me

juancresc avatar Jan 12 '22 19:01 juancresc

Based on docs: there's no 'sslmode' attribute. The following code gives me the exception: 'sslmode' is an invalid keyword argument. This issue is possibly related to other backends like sqlite as well.

Workaround: On settings.py after: django_heroku.settings(locals()) add: del DATABASES['default']['OPTIONS']['sslmode']

this worked for me, thanks

FredericoLeao avatar Jun 25 '22 15:06 FredericoLeao

The problem appears to be more a matter of django_heroku hardcoding sslmode.

Fun question: how should we deal with this? Options include:

  1. Throw an error when setting for non-Postgres DB's as it's non-obvious how to support it (e.g. MySQL doesn't appear to have an equivalent arg)
  2. Throw a warning, which would let things like django_heroku continue to work while flagging it, but only set it for Postgres
  3. Figure out if we can support this for other DBs. Doesn't make sense at all for SQlite for example.
  4. Remove the option, and get Postgres folks to add sslmode=require to their URL

Thoughts anyone?

palfrey avatar Dec 14 '22 12:12 palfrey

I'm leaning towards the option 4 ("Remove the option, and get Postgres folks to add sslmode=require to their URL") as that's used in test_database_url_with_options for example.

This would be a major version bump, but I'm thinking this plus the change from https://github.com/jazzband/dj-database-url/issues/114#issuecomment-1359413685 in one go for that.

palfrey avatar Dec 21 '22 12:12 palfrey

fwiw it looks like 'OPTIONS': {'ssl': True} is needed for mysql instead of 'OPTIONS': {'sslmode': 'require'} for postgres ref https://stackoverflow.com/q/59894554

ddelange avatar Jan 17 '23 15:01 ddelange

maybe nothing needs to be specified for mysql? if at all, maybe sslMode=REQUIRED?

For 8.0.12 and earlier: As long as the server is correctly configured to use SSL, there is no need to configure anything on the Connector/J client to use encrypted connections (the exception is when Connector/J is connecting to very old server versions like 5.6.25 and earlier or 5.7.5 and earlier, in which case the client must set the connection property useSSL=true in order to use encrypted connections). The client can demand SSL to be used by setting the connection property requireSSL=true; the connection then fails if the server is not configured to use SSL. Without requireSSL=true, the connection just falls back to non-encrypted mode if the server is not configured to use SSL.

For 8.0.13 and later: As long as the server is correctly configured to use SSL, there is no need to configure anything on the Connector/J client to use encrypted connections. The client can demand SSL to be used by setting the connection property sslMode=REQUIRED, VERIFY_CA, or VERIFY_IDENTITY; the connection then fails if the server is not configured to use SSL. With sslMode=PREFERRED, the connection just falls back to non-encrypted mode if the server is not configured to use SSL. For X-Protocol connections, the connection property xdevapi.ssl-mode specifies the SSL Mode setting, just like sslMode does for MySQL-protocol connections (except that PREFERRED is not supported by X Protocol); if not explicitly set, xdevapi.ssl-mode takes up the value of sslMode ( if xdevapi.ssl-mode is not set and sslMode is set to PREFERRED, xdevapi.ssl-mode is set to REQUIRED).

https://dev.mysql.com/doc/connector-j/8.0/en/connector-j-reference-using-ssl.html

ddelange avatar Jan 17 '23 15:01 ddelange

Any thoughts on this @mattseymour ?

palfrey avatar Feb 16 '23 10:02 palfrey