Reputation: 21
Perl DBI:mysql connection over SSL fails
Long time reader but this is my first question here.
I have a MySQL server in a data center and processing servers in another place, therefore I need to encrypt connections from my Perl scripts to the database. All the necessary settings were made on MySQL (creation of a new user, creation of ca, server and client keys) and MySQL connections over SSL work fine.
root@server:# mysql -h _HOST_ --port 3306 -u _SSL_USER_ --ssl-cert=/etc/mysql/certs/client-cert.pem --ssl-key=/etc/mysql/certs/client-key.pem -p _DATABASE_
Enter password:
Welcome to the MySQL monitor.
Commands end with ; or \g.
Your MySQL connection id is 49694205
Server version: 5.0.96 Source distribution ...
So, I believe set up is good. The problem is that I can't make my Perl script to connect to the database. The returned error is simply:
Access denied for user '_SSL_USER_'@'HOST' (using password: YES) at temp.pl line 7.
To simplify, I've put only the following code in my script:
#!/usr/bin/perl
use strict;
use DBI;
#DBI->trace(5);
my $dbh = DBI->connect(
"DBI:mysql:database=_DATABASE_;host=_HOST_;
mysql_ssl=1;
mysql_ssl_client_key=/etc/mysql/certs/client-key.pem;
mysql_ssl_client_cert=/etc/mysql/certs/client-cert.pem;
mysql_ssl_ca_file=/etc/mysql/certs/ca-cert.pem",
'_SSL_USER_',
'_SSL_USER_PWD_'
) || die DBI->errstr;
exit(0);
Perl version is v5.10.0 built for i486-linux-thread-multi. The DBD::mysql module was compiled with the '-ssl' option.
I can't figure it out or find ways to further debug. Any help would be much appreciated.
Thank you!
Upvotes: 2
Views: 9623
Answers (1)
Reputation: 5069
Are you using the latest version from all Perl modules?
I have found this thread: http://forums.mysql.com/read.php?51,78084,78264#msg-78264
Fixed it. Upgraded DBD-mysql from 2.9007 -> 3.0002 and it works like a charm.
Maybe removing the username/password would help?
my $dbh = DBI->connect(
"DBI:mysql:database=_DATABASE_;host=_HOST_;
mysql_ssl=1;
mysql_ssl_client_key=/etc/mysql/certs/client-key.pem;
mysql_ssl_client_cert=/etc/mysql/certs/client-cert.pem;
mysql_ssl_ca_file=/etc/mysql/certs/ca-cert.pem",
'',
''
) || die DBI->errstr;
Can't say what the problem is for you, but I'm assuming you have included the username and password in the DBI->connect line and the other thing is that the cacert and client certs need to be on your remote computer (the one with the PERL script). Other than that I'd be happy to help if you have more detail.
You could try to tracing the error: http://search.cpan.org/perldoc/DBI#TRACING
DBI_TRACE=8=/tmp/dbitrace.log
export DBI_TRACE
./your_program.pl
You could use shell variables to make sure you are doing the same in Perl and in shell:
export DB_HOST="your host"
export DB_USER=""
export DB_PWD=""
export DB_DATABASE=""
mysql -h "$DB_HOST" --port 3306 -u "DB_USER" --ssl-cert=/etc/mysql/certs/client-cert.pem --ssl-key=/etc/mysql/certs/client-key.pem -p "$DB_DATABASE"
my $dbh = DBI->connect(
"DBI:mysql:database=$ENV{"DB_HOST"};host=$ENV{"DB_HOST"};
mysql_ssl=1;
mysql_ssl_client_key=/etc/mysql/certs/client-key.pem;
mysql_ssl_client_cert=/etc/mysql/certs/client-cert.pem;
mysql_ssl_ca_file=/etc/mysql/certs/ca-cert.pem",
'',
''
) || die DBI->errstr;
Upvotes: 2
Related Questions
- Perl - DBI cannot connect to MySQL (Access Denied...)
- Mysql connection over SSL with PHP mysqli
- SSL connection works with mysql client but not perl DBI:MariaDB
- mysql_skip_secure_auth not skipping secure auth
- Perl TLS1.2 to MySql Db
- Perl Database connect not working in .pm file
- Unable to connect to mysql using perl DBI module
- MySQL and SSL connection failing ERROR 2026 (HY000)
- Perl: Connect to remote database SSL error
- Why does my Perl script fail to connect to the database?