Fluent connect mysql 8 failure,how to solve?

mysql8.0 failure connection
error: "handshakeFailed(NIOSSL.BoringSSLError.sslError([Error: 268435581 error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED]))"

1 Like

We'll need more information (like error codes and code snippets) to be able to help.

Have same issue, it a error along this line: requires minimum platform version 10.0 for the iOS platform, but this target supports 8.0

"handshakeFailed(NIOSSL.BoringSSLError.sslError([Error: 268435581 error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED]))"

Well the error message has the problem in - you're trying to connect to a MySQL host with a self-signed certificate I'm guessing that isn't trusted by the system, so it's rejecting the connection. When you set up your MySQL connection, you can specify TLS connection settings and either turn off TLS verification (quick hack, don't ship into production) or provide the certificate you'd like the trust (best option)

Are you trying to build for macOS or iOS?

I am building for IOS

You might be forging your own path them, there's experimental support for it, but it hasn't been touched for a while. But the error is clear, you need to bump your minimum platform version

You should be able to get around this by setting MySQL's TLSConfiguration's certificateVerification property to none. Hard to give a more useful code example because of how little context was given here, but hope that helps.

you're right, but don't know how to turn off this tls validation

I’m running into this, too. My server instance is running on Digital Ocean, and they give me a ca-certificate.crt that I can download. I'm just not sure what to do with it; how do I set it up in my vapor 4 app? Thanks!

NIOSSL should pick system certs up automatically: How do I install a root certificate? - Ask Ubuntu

UPDATE: I got it to work! I had simply not committed the changes to the cert trust settings in the Keychain (the UI didn't make it obvious I needed to do that; you need to close the Get Info window, at which point Keychain Access will prompt you for the administrator password to change the settings).

This is on macOS. So, I put the cert into my Keychain, set it to "Always Trust" for all situations, and tried again, but I still get file:///…/UserRepositoryTests.swift: test failure: UserRepositoryTests.testCreatingUser() failed: failed: caught error: "handshakeFailed(NIOSSL.BoringSSLError.sslError([Error: 268435581 error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED]))"

Could it be a Sandboxing issue? I'm not sure how to adjust sandbox entitlements in an Xcode package-based project.

I found this issue while setting up a new Vapor 4 project on macOS, with MySQL 8.0.17

Being both Vapor and MySQL running on localhost, there is no SSL certificate involved. However, seems like mysql-nio tries to connect via SSL, and fails to verify the "missing" certificate.

To solve this issue, while working on localhost or without SSL connection, Vapor's MySQL client can be configured to not do certificate verification, as follows:

.mysql(hostname: host, ..., tlsConfiguration: .forClient(certificateVerification: .none))

Here is a full code example with a bare-bone project setup:

import Vapor
import Fluent
import FluentMySQLDriver

// configures your application
public func configure(_ app: Application) throws {
    // uncomment to serve files from /Public folder
    // app.middleware.use(FileMiddleware(publicDirectory: app.directory.publicDirectory))

    configureDatabase(app: app)

    // register routes
    try routes(app)
}

func configureDatabase(app: Application) {
    let host = Environment.get("DB_HOST") ?? ""
    let port = Environment.get("DB_PORT").flatMap(Int.init) ?? 3306
    let user = Environment.get("DB_USER") ?? ""
    let pass = Environment.get("DB_PASS") ?? ""
    let name = Environment.get("DB_NAME") ?? ""

    app.databases.use(.mysql(hostname: host, port: port, username: user, password: pass, database: name, tlsConfiguration: .forClient(certificateVerification: .none)), as: .mysql)
}
4 Likes

thank you, you’re right; I set it to .nil ;now found,i can set it to .none;

This is it! I was having the same issue setting up Heroku with postgres and needed a configuration like this:

    guard var config: PostgresConfiguration = PostgresConfiguration(
        url: "DATABASE_URL_HERE"
    ) else {
        fatalError("Can't configure postgres")
    }
    config.tlsConfiguration = .forClient(certificateVerification: .none)
    app.databases.use(
        .postgres(configuration: config)
    , as: .psql)

Setting up the tlsConguration with .forClient(certificateVerification: .none) was key. Thank you

1 Like

FWIW, this solution continues to be helpful. However, in my situation, it was masked by Vapor 4/Fluent apparently also defaulting to interpret localhost as an IPv6 address on my Mac, which didn't play well with my local MySQL db config. Once I explicitly set DB_HOST to 127.0.0.1, all worked great.

1 Like