Bug #106426 Support for passing in existing SSL connection to MySQL Python Connector
Submitted: 9 Feb 2022 19:17 Modified: 14 Feb 2022 16:38
Reporter: Jack Wotherspoon (OCA) Email Updates:
Status: Verified Impact on me:
None 
Category:Connector / Python Severity:S4 (Feature request)
Version:8.0 OS:Any
Assigned to: CPU Architecture:Any

[9 Feb 2022 19:17] Jack Wotherspoon 
Description:
The Cloud SQL Python Connector (https://github.com/GoogleCloudPlatform/cloud-sql-python-connector) would like to support database connections to Cloud SQL using the MySQL Python Connector. In order to do so we require the ability to pass in an existing connection or the ability to configure the connection level SSL.

For reference, we currently support pg8000 for Postgres through the use of their ssl_context argument which allows us to pass in our pre-configured ssl.SSLContext object. (example ssl_context with pg8000: https://github.com/tlocke/pg8000#pg8000-native-connectionuser-hostlocalhost-databasenone-p...)

Is a pre-configured SSL connection or the ability to configure a connection level SSL something that can be supported by the MySQL Python Connector?

Happy to provide more information or assistance if needed. Thanks!

How to repeat:
Not currently supported.

Suggested fix:
Maybe add an ssl_context argument similar to that of pg8000? Just a suggestion.
[10 Feb 2022 4:01] MySQL Verification Team 
Hello Jack,

Thank you for the feature request!

regards,
Umesh
[11 Feb 2022 16:13] Nuno Mariz 
Posted by developer:
 
Can you elaborate the goal of providing a `ssl.SSLContext` in the connection options?
For the pure Python is possible to pass such object, but for the C extension we need to extract the information from object, with `SSLContext.get_ca_certs()`, `SSLContext.get_ciphers()`, etc. and pass them to libmysqlclient.
[14 Feb 2022 16:38] Jack Wotherspoon 
Yes, for sure! The main goal is to be able to connect with a pre-configured SSL connection. We currently create an SSL Context object and use `SSLContext.load_cert_chain()` to load in the cert and key from temporary files. https://github.com/GoogleCloudPlatform/cloud-sql-python-connector/blob/main/google/cloud/s...

We currently have it so that we later use the pre-configured SSL Context when making connections to Cloud SQL via pure python drivers such as pymysql, pg8000 and pytds.

Ideally, we would like to follow the same pattern to connect to the MySQL Python Connector if possible. Let me know if this helps add any insight into the issue. Happy to provide more info or clear things up if need be.

Thanks!