Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
erp5
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Rafael Monnerat
erp5
Commits
7b49f53d
Commit
7b49f53d
authored
Jun 20, 2023
by
Jérome Perrin
Browse files
Options
Browse Files
Download
Plain Diff
Products/ZMySQLDA: ssl support
See merge request
nexedi/erp5!1772
parents
bbdc9fdf
36d93f4c
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
26 additions
and
2 deletions
+26
-2
product/ZMySQLDA/connectionAdd.dtml
product/ZMySQLDA/connectionAdd.dtml
+11
-1
product/ZMySQLDA/db.py
product/ZMySQLDA/db.py
+15
-1
No files found.
product/ZMySQLDA/connectionAdd.dtml
View file @
7b49f53d
...
@@ -56,7 +56,7 @@
...
@@ -56,7 +56,7 @@
<dd>
<dd>
The connection string used for Z MySQL Database Connection is of the form:
The connection string used for Z MySQL Database Connection is of the form:
<br />
<br />
<code>[*lock] [+/-][database][@host[:port]] [user [password [unix_socket]]]</code>
<code>[
%ssl_name] [
*lock] [+/-][database][@host[:port]] [user [password [unix_socket]]]</code>
<br />
<br />
or typically:
or typically:
<br />
<br />
...
@@ -73,6 +73,16 @@
...
@@ -73,6 +73,16 @@
If the UNIX socket is in a non-standard location, you can specify
If the UNIX socket is in a non-standard location, you can specify
the full path to it after the password.
the full path to it after the password.
</dd>
</dd>
<dd>
%<em>ssl_name</em> at the begining of the connection string means to use
a ssl client certificate for authentication.
This will use a CA certificate located at
<code>$INSTANCEHOME/etc/zmysqlda/[%ssl_name]-ca.pem</code>, a client certificate
at <code>$INSTANCEHOME/etc/zmysqlda/[%ssl_name]-cert.pem</code> with a key
at <code>$INSTANCEHOME/etc/zmysqlda/[%ssl_name]-key.pem</code>.
This will also verify that the connection is using ssl and cause an error
when an encrypted connection can not be established.
</dd>
<dd>
<dd>
A '-' in front of the database tells ZMySQLDA to not use Zope's
A '-' in front of the database tells ZMySQLDA to not use Zope's
Transaction Manager, even if the server supports transactions. A
Transaction Manager, even if the server supports transactions. A
...
...
product/ZMySQLDA/db.py
View file @
7b49f53d
...
@@ -107,6 +107,7 @@ if _v < MySQLdb_version_required:
...
@@ -107,6 +107,7 @@ if _v < MySQLdb_version_required:
from
MySQLdb.converters
import
conversions
from
MySQLdb.converters
import
conversions
from
MySQLdb.constants
import
FIELD_TYPE
,
CR
,
ER
,
CLIENT
from
MySQLdb.constants
import
FIELD_TYPE
,
CR
,
ER
,
CLIENT
from
App.config
import
getConfiguration
from
Shared.DC.ZRDB.TM
import
TM
from
Shared.DC.ZRDB.TM
import
TM
from
DateTime
import
DateTime
from
DateTime
import
DateTime
from
zLOG
import
LOG
,
ERROR
,
WARNING
from
zLOG
import
LOG
,
ERROR
,
WARNING
...
@@ -245,6 +246,14 @@ class DB(TM):
...
@@ -245,6 +246,14 @@ class DB(TM):
items = self._connection.split()
items = self._connection.split()
if not items:
if not items:
return
return
if items[0][0] == "%":
cert_base_name = items.pop(0)[1:]
instancehome = getConfiguration().instancehome
kwargs['
ssl
'] = {
'
ca
': os.path.join(instancehome, '
etc
', '
zmysqlda
', cert_base_name + '
-
ca
.
pem
'),
'
cert
': os.path.join(instancehome, '
etc
', '
zmysqlda
', cert_base_name + '
-
cert
.
pem
'),
'
key
': os.path.join(instancehome, '
etc
', '
zmysqlda
', cert_base_name + '
-
key
.
pem
'),
}
if items[0] == "~":
if items[0] == "~":
kwargs['
compress
'] = True
kwargs['
compress
'] = True
del items[0]
del items[0]
...
@@ -319,7 +328,12 @@ class DB(TM):
...
@@ -319,7 +328,12 @@ class DB(TM):
error
=
True
,
error
=
True
,
)
)
self
.
db
=
MySQLdb
.
connect
(
**
self
.
_kw_args
)
self
.
db
=
MySQLdb
.
connect
(
**
self
.
_kw_args
)
self
.
_query
(
"SET time_zone='+00:00'"
)
self
.
_query
(
b"SET time_zone='+00:00'"
)
# BBB mysqlclient on python2 does not support sql_mode, check that
# the connection is actually encrypted.
if
self
.
_kw_args
.
get
(
'ssl'
)
and
\
not
self
.
_query
(
b"SHOW STATUS LIKE 'Ssl_version'"
).
fetch_row
()[
0
][
1
]:
raise
NotSupportedError
(
"Connection established without SSL"
)
def
tables
(
self
,
rdb
=
0
,
def
tables
(
self
,
rdb
=
0
,
_care
=
(
'TABLE'
,
'VIEW'
)):
_care
=
(
'TABLE'
,
'VIEW'
)):
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment