summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--django/db/backends/mysql/client.py12
-rw-r--r--docs/releases/2.0.txt2
-rw-r--r--tests/dbshell/test_mysql.py11
3 files changed, 20 insertions, 5 deletions
diff --git a/django/db/backends/mysql/client.py b/django/db/backends/mysql/client.py
index c5cc69c3a0..224bfc3dc6 100644
--- a/django/db/backends/mysql/client.py
+++ b/django/db/backends/mysql/client.py
@@ -14,7 +14,9 @@ class DatabaseClient(BaseDatabaseClient):
passwd = settings_dict['OPTIONS'].get('passwd', settings_dict['PASSWORD'])
host = settings_dict['OPTIONS'].get('host', settings_dict['HOST'])
port = settings_dict['OPTIONS'].get('port', settings_dict['PORT'])
- cert = settings_dict['OPTIONS'].get('ssl', {}).get('ca')
+ server_ca = settings_dict['OPTIONS'].get('ssl', {}).get('ca')
+ client_cert = settings_dict['OPTIONS'].get('ssl', {}).get('cert')
+ client_key = settings_dict['OPTIONS'].get('ssl', {}).get('key')
defaults_file = settings_dict['OPTIONS'].get('read_default_file')
# Seems to be no good way to set sql_mode with CLI.
@@ -31,8 +33,12 @@ class DatabaseClient(BaseDatabaseClient):
args += ["--host=%s" % host]
if port:
args += ["--port=%s" % port]
- if cert:
- args += ["--ssl-ca=%s" % cert]
+ if server_ca:
+ args += ["--ssl-ca=%s" % server_ca]
+ if client_cert:
+ args += ["--ssl-cert=%s" % client_cert]
+ if client_key:
+ args += ["--ssl-key=%s" % client_key]
if db:
args += [db]
return args
diff --git a/docs/releases/2.0.txt b/docs/releases/2.0.txt
index 9a7c207fd6..70a21d3da6 100644
--- a/docs/releases/2.0.txt
+++ b/docs/releases/2.0.txt
@@ -210,6 +210,8 @@ Management Commands
* On Oracle, :djadmin:`inspectdb` can now introspect ``AutoField`` if the
column is created as an identity column.
+* On MySQL, :djadmin:`dbshell` now supports client-side TLS certificates.
+
Migrations
~~~~~~~~~~
diff --git a/tests/dbshell/test_mysql.py b/tests/dbshell/test_mysql.py
index 7efb97d9cb..6b60e2722e 100644
--- a/tests/dbshell/test_mysql.py
+++ b/tests/dbshell/test_mysql.py
@@ -59,14 +59,21 @@ class MySqlDbshellCommandTestCase(SimpleTestCase):
def test_ssl_certificate_is_added(self):
self.assertEqual(
['mysql', '--user=someuser', '--password=somepassword',
- '--host=somehost', '--port=444', '--ssl-ca=sslca', 'somedbname'],
+ '--host=somehost', '--port=444', '--ssl-ca=sslca',
+ '--ssl-cert=sslcert', '--ssl-key=sslkey', 'somedbname'],
self.get_command_line_arguments({
'NAME': 'somedbname',
'USER': 'someuser',
'PASSWORD': 'somepassword',
'HOST': 'somehost',
'PORT': 444,
- 'OPTIONS': {'ssl': {'ca': 'sslca'}},
+ 'OPTIONS': {
+ 'ssl': {
+ 'ca': 'sslca',
+ 'cert': 'sslcert',
+ 'key': 'sslkey',
+ },
+ },
}))
def get_command_line_arguments(self, connection_settings):