stackhero-io / node-red-contrib-stackhero-mysql

Node-RED node to read and write to a MySQL or a MariaDB database. Compatible with TLS (SSL) and "Caching SHA2 password" authentication method.

Error: Self signed certificate in certificate chain #10

Open dl-lim opened 3 years ago

dl-lim commented 3 years ago

Any chance of getting rid of this via the plugin?

Would be great if we could provide the client keys and certs here too.

Nikoolayy1 commented 3 years ago

Add this code to the main.js file under <home/user or root>node-red/node_modules/node-red-contrib-stackhero-mysql/src: "ssl: {rejectUnauthorized: false},"

  // Note: the connection is not done here
  this.pool = mysql.createPool({
    host: config.host,
    port: config.port,
    user: this.credentials.user,
    password: this.credentials.password,
    database: config.database,
    waitForConnections: true,
    connectionLimit: 5,
    queueLimit: 0,
    connectTimeout: 1000,
    ssl: config.tls ? {} : false,
    ssl: {rejectUnauthorized: false},

I got the idea from the documentation for the mysql node for Node-RED and its drivers:

https://www.npmjs.com/package/mysql

emphasize commented 3 years ago

Not very good at JS (resp. knowing how mysql.createPool() operates), but shouldn't this be

connectTimeout: 1000,
ssl: config.tls ? {rejectUnauthorized: false} : false,

Otherwise this might get problematic eventually (if TLS is turned off).

But it gave me an entry point for my problem ;) Yet I would expect your CA certificate doesn't cover the CN of the DB. Make an internal one (if applicable) with openssl and pass it like

ssl: config.tls ? {
  ca: require("fs").readFileSync('.../ca.pem'),
  key: require("fs").readFileSync('.../client-key.pem'),
  cert: require("fs").readFileSync('.../client-cert.pem'),
  rejectUnauthorized: true
} : false,

In this case you can reject, which doesn't defy the purpose.
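
The two approaches from this thread side by side, as an added example that is not part of any comment above or of the plugin's code: `sslAsPosted` reproduces the duplicate `ssl` key from the first reply, and `buildSslOption` builds the option from a CA and client key/cert with verification left on. The config fields `caPath`, `keyPath` and `certPath` and the sample file paths are assumptions; the plugin config shown above only has `config.tls`.

```javascript
// Added example; caPath, keyPath and certPath are hypothetical config fields.
const PEM = /-----BEGIN [A-Z ]+-----[\s\S]+?-----END [A-Z ]+-----/;

function loadPem(path, label, readFile) {
  const text = String(readFile(path));
  if (!PEM.test(text)) throw new Error(`${label}: ${path} is not a PEM file`);
  return text;
}

// Value for the `ssl` option of mysql.createPool().
function buildSslOption(config, readFile = (p) => require("fs").readFileSync(p)) {
  if (!config.tls) return false; // TLS off stays off
  if (Boolean(config.keyPath) !== Boolean(config.certPath)) {
    throw new Error("client key and client cert must be set together");
  }
  const ssl = { rejectUnauthorized: true }; // chain verification is never relaxed
  if (config.caPath) ssl.ca = loadPem(config.caPath, "ca", readFile);
  if (config.keyPath) {
    ssl.key = loadPem(config.keyPath, "key", readFile);
    ssl.cert = loadPem(config.certPath, "cert", readFile);
  }
  return ssl;
}

// The literal from the first reply: two `ssl` keys, and the last one wins.
function sslAsPosted(config) {
  const opts = {
    ssl: config.tls ? {} : false,
    ssl: { rejectUnauthorized: false },
  };
  return opts.ssl;
}

// Constructed placeholder files (not real key material).
const pem = (kind) => `-----BEGIN ${kind}-----\nAAAA\n-----END ${kind}-----\n`;
const files = {
  "/data/ca.pem": pem("CERTIFICATE"),
  "/data/client-key.pem": pem("PRIVATE KEY"),
  "/data/client-cert.pem": pem("CERTIFICATE"),
};
const readSample = (p) => {
  if (!(p in files)) throw new Error(`ENOENT: ${p}`);
  return files[p];
};

console.log(sslAsPosted({ tls: false }));                // verification off, TLS setting ignored
console.log(buildSslOption({ tls: false }, readSample)); // false
console.log(Object.keys(buildSslOption({ tls: true, caPath: "/data/ca.pem" }, readSample)));
```

With the private CA passed as `ca`, the "self signed certificate in certificate chain" error is resolved by trusting that CA rather than by turning verification off.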