How to configure pymssql with SSL support on Ubuntu?
What were the steps required to configure (the now discontinued) pymssql with SSL support on Ubuntu so I can connect to a SQL Server instance that requires an encrypted connection (e.g., Azure)?
Solution 1:
Ubuntu 16.04 LTS
(See this answer for Ubuntu 18.04 LTS.)
The following worked for me on a clean install of Xubuntu 16.04 LTS x64:
The first challenge is that the FreeTDS we get from the Ubuntu 16.04 repositories does not support SSL "out of the box", so we need to build our own. Start by installing python3-pip (which also installs build-essentials, g++, and a bunch of other stuff we'll need) and libssl-dev (the OpenSSL libraries required for building FreeTDS with SSL support)
sudo apt install python3-pip libssl-dev
Download the source code for FreeTDS by clicking the "Stable Release" link at freetds.org. Unpack the archive, switch to the directory you just created (e.g., freetds-1.00.104), and then do
./configure --with-openssl=/usr/include/openssl --enable-msdblib
make
sudo make install
Check the build with
tsql -C
and ensure that "TDS version: auto" and "OpenSSL: yes" are listed. Then use tsql to test a "raw" FreeTDS connection, e.g.,
tsql -H example.com -p 1433 -U youruserid -P yourpassword
Now to install pymssql. By default, recent versions ship as a pre-compiled "wheel" file that does not support encrypted connections so we need to install from the pymssql source. Starting with pymssql 2.1.4, the build process relies on Cython, so first do
pip3 install --user Cython
and then do
pip3 install --user --no-binary pymssql pymssql
When the build is complete, pymssql is installed.
But... it won't work (yet). When we try to do import pymssql in Python we get
ImportError: libsybdb.so.5: cannot open shared object file: No such file or directory
because apparently that file is in the "wrong" place. The fix (ref: here) is to create a symlink in the "right" place that points to the actual file
sudo ln -s /usr/local/lib/libsybdb.so.5 /usr/lib/libsybdb.so.5
sudo ldconfig
Now pymssql works with SSL connections.
For me, anyway.
Solution 2:
Ubuntu 18.04 LTS
The Ubuntu 18.04 repositories will install a version of FreeTDS that supports GnuTLS so it is not absolutely necessary to build FreeTDS from source. However, we still need to build pymssql from source because simply doing the usual
pip3 install --user pymssql
will install a pre-compiled "wheel" that does not support secure connections. Instead, we need to do
sudo apt install python3-pip freetds-dev
pip3 install --user Cython
pip3 install --user --no-binary pymssql pymssql
Solution 3:
For Ubuntu 16.04 it seems that at least the Docker containers have a FreeTDS version that already supports SSL.
Also, at least for Python 2.7, Cython is not needed:
https://github.com/tds-fdw/ci-setup/blob/master/ubuntu16.04/Dockerfile (lines 23-39)
But there's something to keep in mind!
The TDS version to connect to Azure must be forced to be at least 7.1 (or newer, depending on your needs: https://www.freetds.org/userguide/choosingtdsprotocol.htm)
Otherwise you will see the infamous:
[ERROR] (20017, 'DB-Lib error message 20017, severity 9:\nUnexpected EOF from the server\nNet-Lib error during Operation now in progress (115)\nDB-Lib error message 20002, severity 9:\nAdaptive Server connection failed\n')
For some reason this was not needed for Ubuntu 14.04 and pymssql 2.1.3 without any extra configuration (https://github.com/tds-fdw/ci-setup/blob/master/ubuntu14.04/Dockerfile)
It can be done with either:
export TDSVER=7.1
Or, at the Python code, and at the connect function, adding the parameter:
tds_version='7.1'
With that, I am able to to use pymssql 2.1.4 to connect to Azure without issues.