DBIish icon indicating copy to clipboard operation
DBIish copied to clipboard

Published 20 hours ago verified publisher icon raku-community-modules

support for mysql_options()

Open pprocacci opened this issue 4 years ago • 5 comments

It would be nice to be able to turn off this default behavior of wanting to use ssl on a connection that doesn't require it.

DBDish::mysql: Can't connect: SSL connection error: error:00000001:lib(0):func(0):reason(1)

% uname -a FreeBSD workvm.myhome 12.1-STABLE FreeBSD 12.1-STABLE r363997 GENERIC amd64


my $dbh = DBIish.connect("mysql", :host<host>, :database<db>, :user<user>, :password<pass>);

$dbh.execute(q:to/STATEMENT/);
a select statement
STATEMENT

pprocacci avatar Oct 08 '20 19:10 pprocacci

A quick look at the DBIish MySQL driver doesn't show anything SSL related so I presume it's something between libmysql and the backend. It seems there are a number of possible reasons you can get this error.

Client/server library version: Homebrew/homebrew-core#6753

A cipher suite mismatch: https://bugs.mysql.com/bug.php?id=75311

Suggests to check that your cert is valid: https://mariadb.com/kb/en/library/mariadb-ssl-connection-issues/

Can you connect via the mysql client successfully using the same parameters as you provide to DBIish.connect?

rbt avatar Oct 08 '20 19:10 rbt

  • The mysql command line client works fine. It's using the same libraries as raku supposedly is.
  • This connection doesn't use ssl.
  • I think the key here is this driver not including a mysql_options() function that would allow me to turn it off:

https://dev.mysql.com/doc/c-api/5.7/en/mysql-options.html

pprocacci avatar Oct 08 '20 19:10 pprocacci

Ah. I see. There are even commented out regression tests from the perl driver which haven't been ported for these (mysql_init_command specifically).

mysql.connect() should take an *%params arg similar to Pg and SQLite which allows setting additional details, and pass those to mysql_options() prior to connecting.

Thanks for digging that up.

rbt avatar Oct 08 '20 22:10 rbt

Right, just so we're clear as I have a tendency of not being clear .... (lol).

Plain text mysql connections:

a) Using the mysql client work fine b) Using this driver fail.

The difference I believe is:

a) When compiled with SSL, the libmysqlclient uses ssl as the default (assumption) b) The mysql command line client is internally setting the ssl option to NONE as the default so everything succeeds, which allows users to re-enable ssl with various --ssl flags. c) The raku driver leaves the default as is (which I assume is require ssl from the library) ... so you get the error I presented.

It's be nice to have raku:

a) Set SSL to none as the default and b) Allow the option of re-enabling it (like you described in your latest post w/ passing *%opts to connect().)

Cheers!

pprocacci avatar Oct 09 '20 18:10 pprocacci

I prefer security by default but it should be documented to make it clear and tell the user what needs to be done to use it in a secure way.

abraxxa avatar Oct 09 '20 18:10 abraxxa