-
-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable reading SSL parameters from configuration file #552
Conversation
e707ad7
to
b07494a
Compare
pymysql/connections.py
Outdated
# No SSL parameters were given either via the class parameter or | ||
# the configuration file | ||
if not any(x for x in ssl.values()): | ||
ssl = None |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if not any(ssl.values())
And read_default_file
option changes how ssl = {"ca": ""}
is considered.
if read_default_file=False
, ssl is overwritten to None. Otherwise, passed ssl
is used as-is.
I don't like it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actually, this is for the if read_default_file: case. So it will only be read when that's set.
pymysql/connections.py
Outdated
ssl = None | ||
|
||
self.ssl = False | ||
if ssl: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Mabe, if ssl and any(ssl.values())
.
b07494a
to
7f21f19
Compare
@methane I updated the commit. What do you think? |
pymysql/connections.py
Outdated
# must have preference. | ||
for key, value in ssl_config_params.items(): | ||
if value: | ||
ssl.setdefault(key, value) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
since you used _config
when building ssl_config_params,
you can just ssl[key] = value
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Using ssl[key] = value would overwrite the value that's already there, and this gives priority to the values that are set via the ssl dict.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's why I added the comment above this for loop.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
read _config()
function.
7f21f19
to
20ea19b
Compare
@methane you are right, I changed it accordingly. |
pymysql/connections.py
Outdated
} | ||
for key, value in ssl_config_params.items(): | ||
if value: | ||
ssl[key] = value |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How about this?
for key in ["ca", "capath", "cert", "key", "cipher"]:
value = cfg.get(read_default_group, "ssl-" + key)
if value:
ssl[key] = value
(I hadn't check mysql options yet.)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I confirmed options have exactly same name.
@methane by the way, I see that in the _create_ssl_ctx function there is a check such as this: |
Ah, yes please. Use config only when dict is None or |
This enables the reading of some basic SSL parameters from the configuration file. It gives precedence to the ssl parameters provided by the class parameter (the ssl dict).
20ea19b
to
d883a44
Compare
@methane done; and I really liked your suggestion. I added the minimized loop you suggested as part of the change. |
Tested it successfully in my deployment. @methane thanks for the great reviews. Let me know if there's anything else I should change. |
This enables the reading of some basic SSL parameters from the
configuration file. It gives precedence to the ssl parameters provided
by the class parameter (the ssl dict).