search

prisma / docs

šŸ“š Prisma Documentation
https://www.prisma.io/docs
Apache License 2.0
988 stars 778 forks source link

sslaccept=accept_invalid_certs seems to not be the default #3564

Open P4sca1 opened 2 years ago

P4sca1 commented 2 years ago

Bug description

I am trying to connect to a MySQL database, with a user that has the REQUIRE SSL option set.

The following error appears:

[1657368933547] FATAL: Startup failed
    err: {
      "type": "PrismaClientInitializationError",
      "message": "Authentication failed against database server at `[omitted]`, the provided database credentials for `[omitted]` are not valid.\n\nPlease make sure to provide valid database credentials for the database server at `[omitted]`.",
      "stack":
          Error: Authentication failed against database server at `[omitted]`, the provided database credentials for `[omitted]` are not valid.

          Please make sure to provide valid database credentials for the database server at `[omitted]`.
              at [omitted]/node_modules/@prisma/client/runtime/index.js:45403:20
      "clientVersion": "4.0.0",
      "errorCode": "P1000"
    }

The MySQL server uses a self-signed certificate.

How to reproduce

You need a MySQL server which allows SSL connections and uses a self-signed certificate. This is the default behaviour in MySQL.

  1. Enable the REQUIRE SSL option for your MySQL user: ALTER USER 'myuser'@'myhost' REQUIRE SSL
  2. Start your prisma application

Expected behavior

The connection should be successfully established using default options. According to the docs, sslaccept=accept_invalid_certs is the default. However, this does not seem to be the case, because the connection does not work. When I manually add ?sslaccept=accept_invalid_certs to the database URL, the connection gets established successfully.

Prisma information

Not working database url: mysql://myuser:mypassword@dbhost:3306/database Working database url: mysql://myuser:mypassword@dbhost:3306/database?sslaccept=accept_invalid_certs

Environment & setup

Prisma Version

prisma                  : 4.0.0
@prisma/client          : 4.0.0
Current platform        : darwin
Query Engine (Node-API) : libquery-engine da41d2bb3406da22087b849f0e911199ba4fbf11 (at node_modules/prisma/node_modules/@prisma/engines/libquery_engine-darwin.dylib.node)
Migration Engine        : migration-engine-cli da41d2bb3406da22087b849f0e911199ba4fbf11 (at node_modules/prisma/node_modules/@prisma/engines/migration-engine-darwin)
Introspection Engine    : introspection-core da41d2bb3406da22087b849f0e911199ba4fbf11 (at node_modules/prisma/node_modules/@prisma/engines/introspection-engine-darwin)
Format Binary           : prisma-fmt da41d2bb3406da22087b849f0e911199ba4fbf11 (at node_modules/prisma/node_modules/@prisma/engines/prisma-fmt-darwin)
Default Engines Hash    : da41d2bb3406da22087b849f0e911199ba4fbf11
Studio                  : 0.465.0
P4sca1 commented 2 years ago

This also results in MySQL connections from prisma to be unencrypted by default, because the certificate is not trusted and it then falls back to unencrypted connections.

jharrell commented 1 week ago

šŸ‘‹ we're cleaning up our backlog of issues and are closing everything older than two years. If you still feel that this issue is relevant, please feel free to re-open and our team will take a look. Thank you!

P4sca1 commented 1 week ago

I think this is still relevant @jharrell