Enable reading SSL parameters from configuration file #552
Conversation
JAORMX
force-pushed
the
ssl-configuration-file
branch
from
e707ad7
to
b07494a
Compare
pymysql/connections.py
Outdated
| # No SSL parameters were given either via the class parameter or | ||
| # the configuration file | ||
| if not any(x for x in ssl.values()): | ||
| ssl = None |
There was a problem hiding this comment.
if not any(ssl.values())
And read_default_file option changes how ssl = {"ca": ""} is considered.
if read_default_file=False, ssl is overwritten to None. Otherwise, passed ssl is used as-is.
I don't like it.
There was a problem hiding this comment.
Actually, this is for the if read_default_file: case. So it will only be read when that's set.
pymysql/connections.py
Outdated
| ssl = None | ||
|
|
||
| self.ssl = False | ||
| if ssl: |
There was a problem hiding this comment.
Mabe, if ssl and any(ssl.values()).
JAORMX
force-pushed
the
ssl-configuration-file
branch
from
b07494a
to
7f21f19
Compare
|
@methane I updated the commit. What do you think? |
pymysql/connections.py
Outdated
| # must have preference. | ||
| for key, value in ssl_config_params.items(): | ||
| if value: | ||
| ssl.setdefault(key, value) |
There was a problem hiding this comment.
since you used _config when building ssl_config_params,
you can just ssl[key] = value
There was a problem hiding this comment.
Using ssl[key] = value would overwrite the value that's already there, and this gives priority to the values that are set via the ssl dict.
There was a problem hiding this comment.
That's why I added the comment above this for loop.
JAORMX
force-pushed
the
ssl-configuration-file
branch
from
7f21f19
to
20ea19b
Compare
|
@methane you are right, I changed it accordingly. |
pymysql/connections.py
Outdated
| } | ||
| for key, value in ssl_config_params.items(): | ||
| if value: | ||
| ssl[key] = value |
There was a problem hiding this comment.
How about this?
for key in ["ca", "capath", "cert", "key", "cipher"]:
value = cfg.get(read_default_group, "ssl-" + key)
if value:
ssl[key] = value
(I hadn't check mysql options yet.)
There was a problem hiding this comment.
I confirmed options have exactly same name.
|
@methane by the way, I see that in the _create_ssl_ctx function there is a check such as this: |
|
Ah, yes please. Use config only when dict is None or |
This enables the reading of some basic SSL parameters from the configuration file. It gives precedence to the ssl parameters provided by the class parameter (the ssl dict).
JAORMX
force-pushed
the
ssl-configuration-file
branch
from
20ea19b
to
d883a44
Compare
|
@methane done; and I really liked your suggestion. I added the minimized loop you suggested as part of the change. |
|
Tested it successfully in my deployment. @methane thanks for the great reviews. Let me know if there's anything else I should change. |
This enables the reading of some basic SSL parameters from the
configuration file. It gives precedence to the ssl parameters provided
by the class parameter (the ssl dict).