wthebutcher has asked for the wisdom of the Perl Monks concerning the following question:

When trying to connect to a MySQL database that uses SSL, I get an Unknown Error Number. The script I'm using is really simple, yet I'm not able to do it.

#!/usr/bin/perl
use strict;
use warnings;
use v5.10;

use DBI;
say "Perl MySQL Connect Demo";

my $dsn = "DBI:mysql:db:server";
my $username = "user";
my $password = 'password';

my $dbh = DBI->connect($dsn,$username,$password);

[download]
Debugging, I get the following error: 
DBI connect('db:server','user',...) failed: SSL connection error: unkn
+own error number at ./myscript.pl line 13.
 at /usr/lib/x86_64-linux-gnu/perl5/5.22/DBI.pm line 697.
    DBI::__ANON__[/usr/lib/x86_64-linux-gnu/perl5/5.22/DBI.pm:750](und
+ef, undef) called at /usr/lib/x86_64-linux-gnu/perl5/5.22/DBI.pm line
+ 752
    DBI::connect("DBI", "DBI:mysql:db:server", "user", "password") cal
+led at ./myscript.pl line 13

[download]
Disabling SSL at MySQL allows the connection to work. Can you please help me? Any suggestion?

Replies are listed 'Best First'.
Re: Connection to mysql database fails when using SSL
by Mr. Muskrat (Canon) on Aug 01, 2017 at 18:17 UTC

    Try this out and see it works better. The connect method is not documented to accept a DSN in that format.

    #!/usr/bin/perl
use strict;
use warnings;
use v5.10;

use DBI;
say "Perl MySQL Connect Demo";

my $db = 'db'; # or whatever it really is
my $server = 'server'; # ditto
my $dsn = "DBI:mysql:database=$db;host=$server";
my $username = "user";
my $password = 'password';

my $dbh = DBI->connect($dsn,$username,$password);

    [download]

    See also DBD::mysql Class Methods for the full documentation on connect.

    Update: You may also need to add in the port.

    Update 2: You may need to set some MySQL specific variables in order to get a secure connection working.

    ...
my $port = 12345; # whatever is should be
my $dsn = "DBI:mysql:database=$db;host=$server;port=$port;
mysql_ssl=1; 
mysql_ssl_client_key=/var/lib/ssl/client-key.pem; 
mysql_ssl_client_cert=/var/lib/ssl/client-cert.pem; 
mysql_ssl_ca_file=/var/lib/ssl/cacert.pem"; # Your paths may vary...
...

    [download]
    <code>
[reply]
[d/l]
[select]
      Hi Mr. Muskrat, thank you for your response...it's been really helpful trying to debug what's going on. The thing is...I don't even want to use SSL to connect, as the connection will manage data that is neither relevant nor important (it's one of the tools percona provides to perform some checks over the data, but I tracked the issue to the connection itself rather than the tool, as I was able to reproduce the error creating that simple connection script). I tried specifying mysql_ssl=0 at the dsn, with no luck. I can connect to the server using mysql client without SSL, but couldn't get it to work with perl. Perl version is v5.22.1 built for x86_64-linux-gnu-thread-multi, and we first started having this kind of issues when we moved from Ubuntu 12.04 to Ubunt 16.04 Any Ideas?
[reply]
Re: Connection to mysql database fails when using SSL
by natxo (Scribe) on Aug 01, 2017 at 18:57 UTC
    I do not have access to a mysql instance with tls/ssl right now, but I remember using this instructions and getting it to work:

    http://linux.uits.uconn.edu/2013/04/30/setting-up-mysql-over-tls/

    You need first to set the certificate settings in your mysql client settings (systemwide /etc/my.cnf, user in ~/.my.cnf); after that you can add mysql_ssl=1 to the db handle in your perl script.

[reply]
Re: Connection to mysql database fails when using SSL
by Marshall (Canon) on Aug 02, 2017 at 00:54 UTC
    I don't know if this will help or not, but when working on LWP programs, I found that I needed to install the module Crypt-SSLeay to work with https:// url's. May not be needed for a DB SSL connection? I don't know... just an idea.
[reply]
Re: Connection to mysql database fails when using SSL
by thanos1983 (Parson) on Aug 02, 2017 at 08:47 UTC

    Hello wthebutcher,

    Welcome to the Monastery. I do not know if you problem is resolved so I would like to add something minor.

    I would agree with fellow monk Mr. Muskrat on the connect call but also I would use DBI/RaiseError on your connect call to capture any errors to see at least the possible reason of your error.

    From the documentation:

    The RaiseError attribute can be used to force errors to raise exceptio
+ns rather than simply return error codes in the normal way.

    [download]

    Sample of code:

    #!/usr/bin/perl
use DBI;
use v5.10;
use strict;
use warnings;
use feature 'say';
use Config::Simple;

my %config = ();
my $path = 'conf.ini';

sub mysql_con {
    Config::Simple->import_from("".$path."", \%config)
    or die Config::Simple->error();

    my $dbh = DBI->connect("dbi:mysql::".$config{'MySQL.host'}.":".$co
+nfig{'MySQL.port'}."", 
               "".$config{'MySQL.user'}."",
               "".$config{'MySQL.pass'}."",
               { 'PrintError' => 1, 'RaiseError' => 1 , 'AutoInactiveD
+estroy' => 1 }
    ) or die "Could not connect to ". $config{'MySQL.host'} .": ". $DB
+I::errstr ."\n";

    my $databases = $dbh->do("SHOW DATABASES LIKE '".$config{'MySQL.db
+'}."'")
    or die "Error: " .dbh->errstr. "\n";

    $dbh->disconnect()
    or warn "Error disconnecting: $DBI::errstr\n";

    if ($databases eq 1) {
    return "Database: ". $config{'MySQL.db'} .
        " exists not creating: ". $config{'MySQL.db'} ."";
    }
    return "Database: ". $config{'MySQL.db'} .
    " does not exist create: ". $config{'MySQL.db'} ."";
}

say mysql_con();

    [download]

    I also use the Config::Simple module as I prefer to when I have multiple scripts connecting to multiple databases. Sample of config file (conf.ini) bellow:

    [MySQL]
user=user
pass=password
host=localhost
port=3306
db=PerlMonks

    [download]

    Update: Adding ssl certification to connect:

    #!/usr/bin/perl
use DBI;
use v5.10;
use strict;
use warnings;
use feature 'say';
use Config::Simple;

my %config = ();
my $path = 'conf.ini';

sub mysql_con {
    Config::Simple->import_from("".$path."", \%config)
    or die Config::Simple->error();

    my $dbh = DBI->connect("dbi:mysql::".$config{'MySQL.host'}.":".$co
+nfig{'MySQL.port'}.",
               mysql_ssl=1;
               mysql_ssl_client_key=/etc/mysql/certs/client-key.pem; 
               mysql_ssl_client_cert=/etc/mysql/certs/client-cert.pem;
               mysql_ssl_ca_file=/etc/mysql/certs/ca-cert.pem",
               $config{'MySQL.user'},
               $config{'MySQL.pass'},
               { 'PrintError' => 1, 'RaiseError' => 1 , 'AutoInactiveD
+estroy' => 1 }
    ) or die "Could not connect to ". $config{'MySQL.host'} .": ". $DB
+I::errstr ."\n";

    my $databases = $dbh->do("SHOW DATABASES LIKE '".$config{'MySQL.db
+'}."'")
    or die "Error: " .dbh->errstr. "\n";

    $dbh->disconnect()
    or warn "Error disconnecting: $DBI::errstr\n";

    if ($databases eq 1) {
    return "Database: ". $config{'MySQL.db'} .
        " exists not creating: ". $config{'MySQL.db'} ."";
    }
    return "Database: ". $config{'MySQL.db'} .
    " does not exist create: ". $config{'MySQL.db'} ."";
}

say mysql_con();

__END__

$ perl mysql.pl
Database: PerlMonks exists not creating: PerlMonks

    [download]

    You can also read more about in similar question with examples DBI:mysql connection over SSL fails

    Hope this helps, BR.

    Seeking for Perl wisdom...on the process of learning...not there...yet!
[reply]
[d/l]
[select]

Back to Seekers of Perl Wisdom