I want to connect via Jdbc.getConnection() with my Google Cloud MySQL db and use SSL.
Within GAS: I have made the exact same setup as described in this old answer, but I get the error message: "Exception: We're sorry, a server error occurred. Please wait a bit and try again."
conn = Jdbc.getConnection('jdbc:mysql://xxx.xxx.xxx.xxx/myDBname?useSSL=true', {
'user': settings.user,
'password': settings.userPwd,
'_serverSslCertificate': '-----BEGIN CERTIFICATE-----super_secret_1-----END CERTIFICATE-----',
'_clientSslCertificate': '-----BEGIN CERTIFICATE-----super_secret_2-----END CERTIFICATE-----',
'_clientSslKey': '-----BEGIN RSA PRIVATE KEY-----super_secret_3-----END RSA PRIVATE KEY-----'
});
Did something change over the years?
What I have tried so far:
The user and password seems to be correct, because without "?useSSL=true" everything works
I have also created new SSL certificates within GCP
Unfortunately Jdbc.getCloudSqlConnection() is not an option to use instead Jdbc.getConnection()
Runtime V8 and Stable/Rhino throw the same error
Cause for the issue: Within the certificate and key strings the "\n" are missing.
These are not inserted within the GCP SQL modal when a new SSL certificate was created. So you need to download client-key.pem, client-cert.pem and server-ca.pem and replace each line break with a "\n".
Related
I am using built in Laravel 8 login system with its scaffolding have a project that has a forgot password for its login system which sends emails from requests. I'm trying to use Gmail and XAMPP for sending the email. I am unable to send an email using the Gmail account, So I tried configuring my .env and other configuration files in XAMPP. But I get the following error upon sending the request
Swift_TransportException
Connection could not be established with host smtp.googlemail.com :stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
Could someone tell me why I'm getting this error and what should I do to get rid of this? Thanks a lot.
<**env**>
MAIL_MAILER=smtp
MAIL_HOST=smtp.googlemail.com
MAIL_PORT=587
MAIL_USERNAME=********#gmail.com
MAIL_PASSWORD=*********
MAIL_ENCRYPTION=ssl
MAIL_FROM_ADDRESS=********#gmail.com
MAIL_FROM_NAME="${APP_NAME}"
<** php.ini**>
inside xampp\php\php.ini under the function under the tab [mail function]
SMTP=smtp.gmail.com
smtp_port=587
sendmail_from = ******#gmail.com
sendmail_path = "\"C:\xampp\sendmail\sendmail.exe\" -t"
<**sendmail.ini**>
inside xampp\mail\sendmail.ini under the function [sendmail]
smtp_server=smtp.gmail.com
smtp_port=587
error_logfile=error.log
debug_logfile=debug.log
auth_username=*******#gmail.com
auth_password=******
force_sender=*******#gmail.com
I have built Poco 1.11 and am unable to get secure SMTP connections, or HTTPS connections in general, to work, with the NetSSL_Win module (i.e. using Windows Schannel rather than OpenSSL). There is a sample in the distribution at NetSSL_Win\samples\Mail\src :
SecureSMTPClientSession session(mailhost);
session.login();
session.startTLS(pContext);
if ( !username.empty() )
{
session.login(SMTPClientSession::AUTH_LOGIN, username, password);
}
session.sendMessage(message);
session.close();
When I run it, the second login() call, after the startTLS() call, throws this error:
SSL Exception: Failed to decode data: The specified data could not be decrypted
The server in this case was smtp.gmail.com, on port 587.
I get the same error message for any other HTTPS client code I try to run as well.
Is anyone successfully using Poco 1.11 for HTTPS connections, using Windows Schannel?
I have been using Heroku for a while to host my Discord bot. It has been connecting to a MySQL database hosted on ClearDB successfully. However, very recently, whenever I use the bot and it tries to connect to the database, it throws this error:
2026 (HY000): SSL connection error: error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
It has been working completely fine until now, and I haven't changed anything. For background, all I did was delete a pipeline and make my app a standalone app without any pipeline. Just in case this helps.
Is this because Heroku has been updated? How can I fix my bot? Let me know if you need any more information.
Any help is appreciated, and Thank You in advance!
EDIT:
Database connection code:
import mysql.connector
def create_conn():
conn = None
try:
conn = mysql.connector.connect(host="HOST",
database="DB",
user="USER",
password="PWD")
except Exception as e:
print(e)
return conn
def execute_query(query, params, fetchall=True):
conn = create_conn()
if conn:
cursor = conn.cursor()
cursor.execute(query % params)
try:
if fetchall:
results = cursor.fetchall()
else:
results = cursor.fetchone()
except:
results = None
conn.commit()
cursor.close()
conn.close()
return results
else:
return False
The database connection used to work, and still works when I run it on my testing machine, a raspberry pi.
EDIT 2:
requirements.txt:
aiohttp==3.6.3
async-timeout==3.0.1
attrs==20.3.0
CacheControl==0.12.6
cachetools==4.2.0
certifi==2020.12.5
cffi==1.14.4
chardet==3.0.4
click==7.1.2
cryptography==3.3.1
cssselect==1.1.0
cssutils==1.0.2
discord==1.0.1
discord-pretty-help==1.2.0
discord.py==1.6.0
emoji==0.6.0
Flask==1.1.2
google-api-core==1.24.1
google-api-python-client==1.12.8
google-auth==1.24.0
google-auth-httplib2==0.0.4
google-cloud-core==1.5.0
google-cloud-firestore==2.0.2
google-cloud-storage==1.35.0
google-crc32c==1.1.0
google-resumable-media==1.2.0
googleapis-common-protos==1.52.0
grpcio==1.34.0
gunicorn==20.0.4
httplib2==0.18.1
idna==2.8
importlib-metadata==3.3.0
itsdangerous==1.1.0
jeepney==0.6.0
Jinja2==2.11.2
keyring==21.8.0
lxml==4.6.2
MarkupSafe==1.1.1
msgpack==1.0.2
multidict==4.7.6
mysql-connector-python==8.0.22
numpy==1.19.4
pandas==1.1.5
premailer==3.7.0
proto-plus==1.13.0
protobuf==3.14.0
pyasn1==0.4.8
pyasn1-modules==0.2.8
pycparser==2.20
python-dateutil==2.8.1
python-dotenv==0.15.0
pytz==2020.4
requests==2.25.1
rsa==4.7
schedule==0.6.0
SecretStorage==3.3.0
six==1.15.0
typing-extensions==3.7.4.3
uritemplate==3.0.1
urllib3==1.26.2
Werkzeug==1.0.1
yagmail==0.14.245
yarl==1.5.1
zipp==3.4.0
Just in case you can turn of ssl by:
conn = mysql.connector.connect(host="HOST",
database="DB",
user="USER",
password="PWD",
ssl_disabled=True)
i'm not quite sure how to do this, but i'm pretty sure you have to disable SSL for it to work, hope this helps.
Clearly, you need to enforce an SSL connection between your app and MySQL.
If you are using ruby stack then follow the given options and your SSL error problem will be solved.
Download the CA, Client, and Private Key files from your ClearDB dashboard and place them in the root of the application’s filesystem.
Make sure you have OpenSSL installed, which you can find here for Unix/Linux/OS X and here for Windows.
*Due to the MySQL client library configuration used on Heroku, you will need to strip the password from the private key file, which can be done like this:
$ openssl rsa -in cleardb_id-key.pem -out cleardb_id-key-no-password.pem
You can now delete the cleardb_id-key.pem and rename cleardb_id-key-no-password.pem to cleardb_id-key.pem, which you will use with your app.
*Set the DATABASE_URL config variable with the value of your modified CLEARDB_DATABASE_URL, like this:
$ heroku config:add DATABASE_URL="mysql2://abc1223:dfk243#us-cdbr-east.cleardb.com/my_heroku_db?
sslca=cleardb-ca-cert.pem&sslcert=cleardb_id-cert.pem&sslkey=cleardb_id-key.pem&reconnect=true"
notice how we added the “reconnect=true” parameters to the end of the URL? This is so that your application will automatically reconnect to ClearDB in the event of a connection timeout.
From here, simply restart your application (if Heroku didn’t already do that for you), and as long as you specified the correct file names and paths to the certificates in your DATABASE_URL, your app will now connect via SSL to ClearDB.
According to the ejabberd docs, you can use ldap_tls_certfile in order to verify the TLS connection to the LDAP server. But which certificate is expected here?
Quoting the docs:
A path to a file containing PEM encoded certificate along with PEM
encoded private key. This certificate will be provided by ejabberd
when TLS enabled for LDAP connections. There is no default value,
which means no client certificate will be sent.
Sooo.... I tried to use a concatenated PEM file containing first the host certificate of the ejabberd server, then second the host key. But this leads to the following errors:
<0.471.0>#eldap:connect_bind:1073 LDAP connection to
ldap1.example.com:636 failed: received CLIENT ALERT: Fatal - Handshake
Failure - {bad_cert,hostname_check_failed}
<0.1975.0> TLS client: In state certify at ssl_handshake.erl:1372 generated CLIENT ALERT: Fatal - Handshake Failure - {bad_cert,hostname_check_failed}
This obviously is not what is expected. Is it the public certificate of the LDAP server? But then, what private key is expected?
I'm a bit lost here. Anyone mind to lend me a hand?
Disclaimer: I never used LDAP TLS.
Looking at the ejabberd source code, the value of ejabberd's option ldap_tls_certfile
is copied into eldap's option tls_certfile
https://github.com/processone/ejabberd/blob/e4d600729396a8539e48ac0cbd97ea1b210941cd/include/eldap.hrl#L72
And later the value of eldap's tls_certfile is copied into ssl's option certfile
https://github.com/processone/ejabberd/blob/e4d600729396a8539e48ac0cbd97ea1b210941cd/src/eldap.erl#L580
That option, among others, is provided as an argument when calling ssl:connect/4
https://github.com/processone/ejabberd/blob/e4d600729396a8539e48ac0cbd97ea1b210941cd/src/eldap.erl#L1140
So, the option that you set in ejabberd is named 'certfile' in ssl:connect, you can see here its documentation:
https://erlang.org/doc/man/ssl.html#connect-4
Searching for certfile in that page, it shows this description:
Path to a file containing the user certificate on PEM format.
Is it the public certificate of the LDAP server?
Try that one and comment here.
But then, what private key is expected?
Try not putting any private key. In any case, when the LDAP certificate was created, it produced a private key file, too.
I have a django application running on openshift. From the openshift server I move a file from openshift to a private server. I can do this by setting hostkeys to none and using a password, however that password will change every month so I need to use ssh keys.
I have the following on the private server: known_hosts, id_rsa, id_rsa.pub.
When I try to connect from openshift I receive the error "No Known Hostkeys."
I known since this is a dockerized application running on the cloud this might be a bit tricky to answer, but I could really use some help.
Thank you,
I have attempted to put the id_rsa.pub from the private server into a file and use hostkeys.load(id_rsa.pub) and then connect without a password.
Setup
/opt/app-root/src/.ssh/known_hosts - I have the known_hosts from the private server
/views.py -
id_rsa_pub = "known_hosts"
id_rsa_pub = settings.STATICFILES_DIRS[0] + '/' + id_rsa_pub
known_hosts = '/opt/app-root/src/.ssh/known_hosts'
cnopts = pysftp.CnOpts()
print("id_rsa_pub below:")
print(id_rsa_pub)
cnopts.hostkeys.load(known_hosts)
with pysftp.Connection(host=host, username=username,
private_key=id_rsa_pub, cnopts=cnopts) as srv:
id_rsa_pub is located in static files
The error is "pysftp.exceptions.HostKeysException: No Host Keys Found"
Alright, this was quick.
I never solved the hostkey issue, however if you use private_key=id_rsa_pub and you have a path to it on Openshift in you src somewhere, the connection will go through. Make sure to set cnopts.hostkeys = None.
Thanks