It just seems like Pyrit has no support for connecting to MySQL over SSL.

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Set up a MySQL 5.5.11 Server on Ubuntu 10.04.1 and configure it to support 
SSL
2. Try to connect from a remote OSX 10.6.7 machine running Pyrit with this 
command:

pyrit -u 
"mysql://dbuser:dbpassword@dbserverip/pyritdb?ssl_key=/local/path/to/clientkey.p
em&ssl_cert=/local/path/to/clientcert.pem" eval

What is the expected output? What do you see instead?

I would expect to be able to connect remotely over SSL and perform any pyrit 
operation.

What version of the product are you using? On what operating system?

I'm using the latest released stable version running on Ubuntu Linux 10.04.01 
LTS with MySQL 5.5.11 as the backend for the Pyrit database.  The issue is with 
a second instance of Pyrit running on OSX 10.6.7 and trying to connect to the 
MySQL backend server remotely over SSL.

Please provide any additional information below.

The issue occurs when trying to connect to the MySQL instance remotely over SSL 
with this command:

pyrit -u 
"mysql://dbuser:dbpassword@dbserverip/pyritdb?ssl_key=/local/path/to/clientkey.p
em&ssl_cert=/local/path/to/clientcert.pem" -e target-essid create_essid

According to the SQLAlchemy documentation, the 
"?ssl_key=/local/path/to/clientkey.pem&ssl_cert=/local/path/to/clientcert.pem" 
part of the url should work.  But, I get a big stack trace and this error:

sqlalchemy.exc.NotSupportedError: (NotSupportedError) client library does not 
have SSL support None None

I also tried setting up an ODBC DSN that included SSL parameters, but couldn't 
get Pyrit to work with this command:

pyrit -u mysql://MySQL -e target-essid create_essid

I'm able to successfully connect using the DSN "MySQL" with iodbctest with this 
connection string:

Driver={MySQL ODBC 5.1 Driver};DSN=MySQL;Option=3;

I can also connect using the MySQL command line client on OSX with the below 
command, so I know the SSL connection and all other variables are working as 
expected:

mysql -h dbserverip -u dbuser -p --ssl-key=/local/path/to/clientkey.pem 
--ssl-cert=/local/path/to/clientcert.pem

It just seems like Pyrit has no support for connecting to MySQL over SSL.  

Original issue reported on code.google.com by dcarr...@gmail.com on 9 May 2011 at 2:42

[GoogleCodeExporter]

I forgot to mention that I am able to use the remote MySQL database server as 
the backend for the Pyrit instance running on OSX if I remove any SSL 
parameters and allow the pyrit database user to connect over an unencrypted 
connection (REQUIRE NONE).  So, for example, this command results in the 
expected eval output:

pyrit -u "mysql://dbuser:dbpassword@dbserverip/pyritdb" eval

Original comment by dcarr...@gmail.com on 9 May 2011 at 2:47

[GoogleCodeExporter]

This is not something Pyrit can do anythng about. Please see the SQLAlchemy 
guys about how to use SSL with mysql.

Original comment by lukas.l...@gmail.com on 12 May 2011 at 6:52

• Changed state: WontFix

[GoogleCodeExporter]

Thanks for the response.  I'll check with the SQLAlchemy guys about this issue 
connecting to MySQL over SSL.  I was a bit confused by the part of the stack 
trace error "client library does not have SSL support."  I thought it was 
indicating that there is a lack of support for SSL in Pyrit.  By the way, Pyrit 
is a very impressive piece of work!  Nice job!

Original comment by dcarr...@gmail.com on 12 May 2011 at 7:32

[GoogleCodeExporter]

I traced this issue down to the version of MySQL that I was running on the 
client side. MySQLdb (MySQL-python) and therefore, SQLAlchemy and Pyrit can't 
utilize SSL with MySQL when the client version of MySQL is anything higher than 
5.5 (confirmed with 5.5.11 and 5.5.12). However, I was able to get it working 
with MySQL versions 5.1.41 and 5.1.57.  Another thing worth mentioning is that 
the remote MySQL server can be 5.5.x (which is where I need all the performance 
improvements from 5.5.x anyway) so that's good.  

Cheers,
Dave

Original comment by dcarr...@gmail.com on 14 May 2011 at 11:51

[GoogleCodeExporter]

If anyone is interested in getting Pyrit set up to connect to a remote MySQL 
instance over SSL, here's a step by step guide: 
https://es.oteric.info/articles/how-to-install-pyrit-with-mysql-with-ssl-and-cud
a-support-on-osx

This is specific to a remote client running on OSX, but most of it would 
probably also apply to any *nix environment.  

Original comment by dcarr...@gmail.com on 3 Aug 2011 at 3:11