Connecting to the Database (Using SSL)

When you use psycopy2 to connect to the GaussDB Kernel server, you can enable SSL to encrypt the communication between the client and server. To enable SSL, you must have the server certificate, client certificate, and private key files. For details on how to obtain these files, see related documents and commands of OpenSSL.

Use the .ini file (the **configparser **package of Python can parse this type of configuration file) to save the configuration information about the database connection.
Add SSL connection parameters sslmode, sslcert, sslkey, and **sslrootcert **to the connection options.
1. sslmode: Table 1
2. sslcert: client certificate path
3. sslkey: client key path
4. sslrootcert: root certificate path
Use the psycopg2.connect function to obtain the connection object.
Use the connection object to create a cursor object.

Table 1 sslmode options

sslmode	Whether SSL Encryption Is Enabled	Description
disable	No	SSL connection is not enabled.
allow	Possible	If the database server requires SSL connection, SSL connection can be enabled. However, authenticity of the database server will not be verified.
prefer	Possible	If the database supports SSL connection, SSL connection is preferred. However, authenticity of the database server will not be verified.
require	Yes	SSL connection is required and data is encrypted. However, authenticity of the database server will not be verified.
verify-ca	Yes	The SSL connection must be enabled.
verify-full	Yes	The SSL connection must be enabled, which is not supported by GaussDB Kernel currently.