SSL support broken, despite SSL support in command line mysql client

Status changed to 'Confirmed' because the bug affects multiple users.

I'm experiencing the same issue, MySQLdb doesn't have SSL support.

Python 2.7.3 (default, Apr 20 2012, 22:39:59)
[GCC 4.6.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import MySQLdb
>>> con = MySQLdb.connect('localhost', 'testuser','test623', 'testdb', ssl="foo")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.7/dist-packages/MySQLdb/__init__.py", line 81, in Connect
    return Connection(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/MySQLdb/connections.py", line 187, in __init__
    super(Connection, self).__init__(*args, **kwargs2)
_mysql_exceptions.NotSupportedError: client library does not have SSL support

The file _mysql.c (part of MySQLdb) looks for HAVE_OPENSSL, which should be defined in /usr/include/mysql/my_config.h (this file belongs to libmysqlclient-dev)

I hacked mine to work by defining HAVE_OPENSSL in _mysql.c so that SSL is compiled despite what mysql_config doesn't say:

diff -ur MySQL-python-1.2.3/_mysql.c python-mysqldb-1.2.3/_mysql.c
--- MySQL-python-1.2.3/_mysql.c 2010-06-17 09:21:56.000000000 +0200
+++ python-mysqldb-1.2.3/_mysql.c 2012-08-16 08:23:36.567236117 +0200
@@ -475,6 +475,7 @@
        MYSQL *conn = NULL;
        PyObject *conv = NULL;
        PyObject *ssl = NULL;
+#define HAVE_OPENSSL 1
 #if HAVE_OPENSSL
        char *key = NULL, *cert = NULL, *ca = NULL,
                *capath = NULL, *cipher = NULL;

I am having the exact same problem and it appears to be due to mysql_config on ubuntu 12.04 no longer reporting --lssl as when running "mysql_config --libs".

http://sourceforge.net/p/mysql-python/svn/656/
Here's the link to the patch Andy Dustmann made to fix the problem. Since he's the upstream author, it should be a reasonable approach.

Applying that patch to the source worked well for me.

The attachment "Simply copied Andy Dustmann's patch" of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu-reviewers team please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]

This has been fixed in Debian using the same patch that was linked to:

 python-mysqldb (1.2.3-2) unstable; urgency=low

   [ Mika Pflüger ]
   * Team upload.
   * debian/patches/05_ssl.patch: Add upstream patch to force building
     SSL support with newer MySQL client libraries. Thanks to Eldon Koyle
     for isolating the fix in the upstream VCS. (Closes: #678169)
   * Delete now obsolete debian/patches/README.source which referred to
     dpatch.

   [ Thomas Goirand ]
   * Added a debian/rules clean: rm MySQL_python.egg-info/PKG-INFO, so it is
     possible to build the package twice.

 -- Mika Pflüger <email address hidden> Mon, 11 Mar 2013 18:03:06 +0100

I've uploaded the fix to Raring which will become Ubuntu release 13.04. If you would like to see this fixed in Ubuntu 12.04 please fill out Stable Release Update information for this bug report following the guidelines at http://wiki.ubuntu.com/StableReleaseUpdates and I'll be happy to get this uploaded to Precise for you. Thanks!

This bug was fixed in the package python-mysqldb - 1.2.3-1ubuntu1

---------------
python-mysqldb (1.2.3-1ubuntu1) raring; urgency=low

  * debian/patches/05_ssl.patch: Add upstream patch to force building
    SSL support with newer MySQL client libraries. Thanks to Lloyd Kvam
    for raising the issue. (LP: #1027075)
 -- Brian Murray <email address hidden> Thu, 28 Mar 2013 16:07:10 -0700

SRU Bug Template

[Impact]

 * A change in MySQL confused the python-mysqldb (version 1.2.3) build process into omitting SSL support. Andy Dustman, the upstream author, dealt with this by adding this patch. It simply checks for the new MySQL versions and automatically sets the proper C macro variable to enable SSL support in the Python module.

 * MySQL supports SSL encrypted connections which is very handy for remote clients connecting over the Internet. This was originally working in the stable release, but was inadvertently lost in the Python module due to the change in MySQL.

 * The patch simply enables the interface module to create and use the additional variables required to support SSL connections.

[Test Case]

 * detailed instructions how to reproduce the bug:
I am omitting the detailed instructions. There is a fair amount of setup work with certificates and a remote MySQL server to test ssl connections. Applying this patch fixed the failure for me.

 * these should allow someone who is not familiar with the affected
   package to reproduce the bug and verify that the updated package fixes
   the problem.

[Regression Potential]

 * People rebuilding from source could foul up the SSL dependencies so that they could specify SSL parameters within a python-mysqldb connection request, but not have SSL support in their compiled versions of the MySQL client libraries.

My usage includes both SSL connections and unencrypted "regular" connections. All work fine.

[Other Info]

The need for this patch disappears when you catch up to the latest python-mysqldb.

I had problems when I attempted to compile the most recent version of python-mysqldb in the 1.2 series on my Ubuntu 12.04 system. That's why I settled for the simple patch to enable SSL without picking up other changes. It appears that Debian is your upstream source for python-mysqldb. I presume they will understand and deal with any additional changes forced by the later versions.

A test case does not need to spell out the details of how to setup and configure a remote MySQL server as that is something that is likely to be well documented. However, if there are changes to the configuration of that server those should be included. Regardless I've uploaded this to the precise-proposed queue.

Hello C, or anyone else affected,

Accepted python-mysqldb into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/python-mysqldb/1.2.3-1ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Looks correct to me: The "/proposed" package fixes this problem - I tested the "precise" package on a "quantal" installation which was broken before the fix (no SSL support). After the fix the mysql SSL connection worked.

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

This bug was fixed in the package python-mysqldb - 1.2.3-1ubuntu0.1

---------------
python-mysqldb (1.2.3-1ubuntu0.1) precise-proposed; urgency=low

  * debian/patches/05_ssl.patch: Add upstream patch to force building
    SSL support with newer MySQL client libraries. Thanks to Lloyd Kvam
    for raising the issue. (LP: #1027075)
 -- Brian Murray <email address hidden> Fri, 29 Mar 2013 07:49:23 -0700