php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #76809 SSL settings aren't respected when persistent connection is reused
Submitted: 2018-08-29 13:49 UTC Modified: -
Votes:4
Avg. Score:4.0 ± 0.7
Reproduced:3 of 3 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (33.3%)
From: fabio dot souto at miniclip dot com Assigned:
Status: Closed Package: MySQLi related
PHP Version: 5.6.37 OS: CentOS 6
Private report: No CVE-ID: None
 [2018-08-29 13:49 UTC] fabio dot souto at miniclip dot com
Description:
------------
Using SSL to establish a database connection and run queries, using mysqli, mysqlnd, and persistent connections, in a php-fpm environment, works fine the first time.
After waiting wait_timeout seconds, if the same connection is reused, a "MySQL server has gone away" error will be triggered; mysqlnd will close and try to open a new connection, but at least some of the SSL settings seem to be reset, causing the new connection to not have SSL enabled (in our particular case the connection would fail to be established as SSL is being enforced on the database side of things).

PHP 5.6.37, using MariaDB 5.5.47

The grant is as follows (omitting sensitive data):

GRANT USAGE ON . TO 'db_user'@'10.%' IDENTIFIED BY PASSWORD 'password' REQUIRE ISSUER 'issuer' SUBJECT 'subject' CIPHER 'DHE-RSA-AES256-SHA'

A debug trace of mysqlnd follows below (omitting sensitive data):

>mysqlnd_init
| >mysqlnd_driver::get_connection
| | info : persistent=1
| | >mysqlnd_conn_data::set_state
| | | info : New state=0
| | <mysqlnd_conn_data::set_state
| | >mysqlnd_conn_data::get_reference
| | | info : conn=0 new_refcount=1
| | <mysqlnd_conn_data::get_reference
| | >mysqlnd_conn_data::init
| | | >mysqlnd_net_init
| | | | >mysqlnd_object_factory::get_io_channel
| | | | | info : persistent=1
| | | | | >mysqlnd_net::init
| | | | | | >mysqlnd_net::set_client_option
| | | | | | | info : option=202
| | | | | | | info : MYSQLND_OPT_NET_CMD_BUFFER_SIZE
| | | | | | | info : new_length=4096
| | | | | | <mysqlnd_net::set_client_option
| | | | | | >mysqlnd_net::set_client_option
| | | | | | | info : option=203
| | | | | | | info : MYSQLND_OPT_NET_READ_BUFFER_SIZE
| | | | | | | info : new_length=32768
| | | | | | <mysqlnd_net::set_client_option
| | | | | | >mysqlnd_net::set_client_option
| | | | | | | info : option=11
| | | | | | <mysqlnd_net::set_client_option
| | | | | <mysqlnd_net::init
| | | | <mysqlnd_object_factory::get_io_channel
| | | <mysqlnd_net_init
| | | >mysqlnd_protocol_init
| | | | >mysqlnd_object_factory::get_protocol_decoder
| | | | | info : persistent=1
| | | | <mysqlnd_object_factory::get_protocol_decoder
| | | <mysqlnd_protocol_init
| | <mysqlnd_conn_data::init
| <mysqlnd_driver::get_connection
| >mysqlnd_conn_data::negotiate_client_api_capabilities
| <mysqlnd_conn_data::negotiate_client_api_capabilities
<mysqlnd_init
>mysqlnd_conn_data::ssl_set
| >mysqlnd_conn_data::local_tx_start
| <mysqlnd_conn_data::local_tx_start
| >mysqlnd_net::set_client_option
| | info : option=204
| | >_mysqlnd_pestrdup
| | <_mysqlnd_pestrdup
| <mysqlnd_net::set_client_option
| >mysqlnd_net::set_client_option
| | info : option=205
| | >_mysqlnd_pestrdup
| | <_mysqlnd_pestrdup
| <mysqlnd_net::set_client_option
| >mysqlnd_net::set_client_option
| | info : option=206
| | >_mysqlnd_pestrdup
| | <_mysqlnd_pestrdup
| <mysqlnd_net::set_client_option
| >mysqlnd_net::set_client_option
| | info : option=207
| <mysqlnd_net::set_client_option
| >mysqlnd_net::set_client_option
| | info : option=208
| | >_mysqlnd_pestrdup
| | <_mysqlnd_pestrdup
| <mysqlnd_net::set_client_option
| >mysqlnd_conn_data::local_tx_end
| <mysqlnd_conn_data::local_tx_end
<mysqlnd_conn_data::ssl_set
>mysqlnd_conn_data::change_user
| info : conn=35793 user=db_user passwd=*** db= silent=1
| >mysqlnd_conn_data::local_tx_start
| <mysqlnd_conn_data::local_tx_start
| >mysqlnd_run_authentication
| | >_mysqlnd_pestrdup
| | <_mysqlnd_pestrdup
| | >mysqlnd_conn_data::fetch_auth_plugin_by_name
| | | info : looking for auth_plugin_mysql_native_password auth plugin
| | <mysqlnd_conn_data::fetch_auth_plugin_by_name
| | info : plugin found
| | info : salt(21)=[kUJP6ZD$%/\c[|#4y*a*]
| | >mysqlnd_native_auth_get_auth_data
| | <mysqlnd_native_auth_get_auth_data
| | >mysqlnd_auth_change_user
| | | >mysqlnd_protocol::get_change_user_response_packet
| | | <mysqlnd_protocol::get_change_user_response_packet
| | | >mysqlnd_protocol::get_auth_packet
| | | <mysqlnd_protocol::get_auth_packet
| | | >php_mysqlnd_auth_write
| | | | >mysqlnd_conn_data::simple_command
| | | | | >mysqlnd_conn_data::simple_command_send_request
| | | | | | info : command=CHANGE_USER silent=1
| | | | | | info : conn->server_status=34
| | | | | | info : sending 58 bytes
| | | | | | >mysqlnd_conn_data::get_state
| | | | | | <mysqlnd_conn_data::get_state
| | | | | | >mysqlnd_protocol::get_command_packet
| | | | | | <mysqlnd_protocol::get_command_packet
| | | | | | >php_mysqlnd_cmd_write
| | | | | | | >mysqlnd_net::send_ex
| | | | | | | | info : count=58 compression=0
| | | | | | | | info : to_be_sent=58
| | | | | | | | info : packets_sent=1
| | | | | | | | info : compressed_envelope_packet_no=0
| | | | | | | | info : packet_no=0
| | | | | | | | info : no compression
| | | | | | | | >mysqlnd_net::network_write_ex
| | | | | | | | | info : sending 62 bytes
| | | | | | | | | >mysqlnd_net::get_stream
| | | | | | | | | | info : 0x1b7a600
| | | | | | | | | <mysqlnd_net::get_stream
| | | | | | | | <mysqlnd_net::network_write_ex
| | | | | | | | info : packet_size=0 packet_no=1
| | | | | | | <mysqlnd_net::send_ex
| | | | | | <php_mysqlnd_cmd_write
| | | | | | info : PACKET_FREE(0x1afdfc8)
| | | | | <mysqlnd_conn_data::simple_command_send_request
| | | | | info : PASS
| | | | <mysqlnd_conn_data::simple_command
| | | <php_mysqlnd_auth_write
| | | >php_mysqlnd_chg_user_read
| | | | info : buf=0x1aef2e0 size=4096
| | | | | >mysqlnd_net::receive_ex
| | | | | <mysqlnd_net::receive_ex
| | | | | >mysqlnd_net::get_stream
| | | | | | info : 0x1b7a600
| | | | | <mysqlnd_net::get_stream
| | | | | >mysqlnd_net::network_read_ex
| | | | | | info : count=4
| | | | | | error: Error while reading header from socket
| | | | | <mysqlnd_net::network_read_ex
| | | | >mysqlnd_conn_data::set_state
| | | | | info : New state=6
| | | | <mysqlnd_conn_data::set_state
| | | | >_mysqlnd_pestrdup
| | | | <_mysqlnd_pestrdup
| | | | info : adding error [MySQL server has gone away] to the list
| | | | error: Can't read change user response's header
| | | <php_mysqlnd_chg_user_read
| | | >mysqlnd_error_list_pdtor
| | | <mysqlnd_error_list_pdtor
| | | info : PACKET_FREE(0)
| | | info : PACKET_FREE(0x7f9422e75450)
| | | info : PACKET_FREE(0x7f9422e76c90)
| | <mysqlnd_auth_change_user
| | info : switch_to_auth_protocol=n/a
| | info : conn->error_info->error_no = 0
| <mysqlnd_run_authentication
| >mysqlnd_conn_data::local_tx_end
| <mysqlnd_conn_data::local_tx_end
| info : FAIL
<mysqlnd_conn_data::change_user
>mysqlnd_conn::close
| info : conn=35793
| >mysqlnd_conn_data::local_tx_start
| <mysqlnd_conn_data::local_tx_start
| >mysqlnd_conn_data::get_state
| <mysqlnd_conn_data::get_state
| >mysqlnd_net::get_stream
| | info : 0x1b7a600
| <mysqlnd_net::get_stream
| >mysqlnd_send_close
| | info : conn=35793 net->data->stream->abstract=0x1ad95c0
| | >mysqlnd_conn_data::get_state
| | <mysqlnd_conn_data::get_state
| | >mysqlnd_conn_data::get_state
| | <mysqlnd_conn_data::get_state
| | info : state=6
| | >mysqlnd_net::close_stream
| | | >mysqlnd_net::get_stream
| | | | info : 0x1b7a600
| | | <mysqlnd_net::get_stream
| | | info : Freeing stream. abstract=0x1ad95c0
| | | >mysqlnd_net::set_stream
| | | <mysqlnd_net::set_stream
| | <mysqlnd_net::close_stream
| <mysqlnd_send_close
| >mysqlnd_conn_data::local_tx_end
| <mysqlnd_conn_data::local_tx_end
| >mysqlnd_conn::dtor
| | info : conn=35793
| | >mysqlnd_conn_data::free_reference
| | | info : conn=35793 old_refcount=1
| | | >mysqlnd_net::get_stream
| | | | info : 0
| | | <mysqlnd_net::get_stream
| | | >mysqlnd_send_close
| | | | info : conn=35793 net->data->stream->abstract=0
| | | | >mysqlnd_conn_data::get_state
| | | | <mysqlnd_conn_data::get_state
| | | | >mysqlnd_conn_data::get_state
| | | | <mysqlnd_conn_data::get_state
| | | | info : state=6
| | | | >mysqlnd_net::close_stream
| | | | | >mysqlnd_net::get_stream
| | | | | | info : 0
| | | | | <mysqlnd_net::get_stream
| | | | <mysqlnd_net::close_stream
| | | <mysqlnd_send_close
| | | >mysqlnd_conn_data::dtor
| | | | info : conn=35793
| | | | >mysqlnd_conn_data::free_contents
| | | | | >mysqlnd_net::free_contents
| | | | | <mysqlnd_net::free_contents
| | | | | info : Freeing memory of members
| | | | | info : scheme=tcp://hostname.host.com:3306
| | | | <mysqlnd_conn_data::free_contents
| | | | >connect_attr_item_pdtor
| | | | <connect_attr_item_pdtor
| | | | >mysqlnd_net_free
| | | | | >mysqlnd_net::dtor
| | | | | | >mysqlnd_net::free_contents
| | | | | | <mysqlnd_net::free_contents
| | | | | | >mysqlnd_net::close_stream
| | | | | | | >mysqlnd_net::get_stream
| | | | | | | | info : 0
| | | | | | | <mysqlnd_net::get_stream
| | | | | | <mysqlnd_net::close_stream
| | | | | | info : Freeing cmd buffer
| | | | | <mysqlnd_net::dtor
| | | | <mysqlnd_net_free
| | | | >mysqlnd_protocol_free
| | | | <mysqlnd_protocol_free
| | | <mysqlnd_conn_data::dtor
| | <mysqlnd_conn_data::free_reference
| <mysqlnd_conn::dtor
<mysqlnd_conn::close
>mysqlnd_init
| >mysqlnd_driver::get_connection
| | info : persistent=1
| | >mysqlnd_conn_data::set_state
| | | info : New state=0
| | <mysqlnd_conn_data::set_state
| | >mysqlnd_conn_data::get_reference
| | | info : conn=0 new_refcount=1
| | <mysqlnd_conn_data::get_reference
| | >mysqlnd_conn_data::init
| | | >mysqlnd_net_init
| | | | >mysqlnd_object_factory::get_io_channel
| | | | | info : persistent=1
| | | | | >mysqlnd_net::init
| | | | | | >mysqlnd_net::set_client_option
| | | | | | | info : option=202
| | | | | | | info : MYSQLND_OPT_NET_CMD_BUFFER_SIZE
| | | | | | | info : new_length=4096
| | | | | | <mysqlnd_net::set_client_option
| | | | | | >mysqlnd_net::set_client_option
| | | | | | | info : option=203
| | | | | | | info : MYSQLND_OPT_NET_READ_BUFFER_SIZE
| | | | | | | info : new_length=32768
| | | | | | <mysqlnd_net::set_client_option
| | | | | | >mysqlnd_net::set_client_option
| | | | | | | info : option=11
| | | | | | <mysqlnd_net::set_client_option
| | | | | <mysqlnd_net::init
| | | | <mysqlnd_object_factory::get_io_channel
| | | <mysqlnd_net_init
| | | >mysqlnd_protocol_init
| | | | >mysqlnd_object_factory::get_protocol_decoder
| | | | | info : persistent=1
| | | | <mysqlnd_object_factory::get_protocol_decoder
| | | <mysqlnd_protocol_init
| | <mysqlnd_conn_data::init
| <mysqlnd_driver::get_connection
| >mysqlnd_conn_data::negotiate_client_api_capabilities
| <mysqlnd_conn_data::negotiate_client_api_capabilities
<mysqlnd_init
>mysqlnd_connect
| info : host=hostname.host.com user=db_user db= port=3306 flags=131072
| >mysqlnd_conn::connect
| | >mysqlnd_conn_data::local_tx_start
| | <mysqlnd_conn_data::local_tx_start
| | >mysqlnd_conn_data::set_client_option_2d
| | | info : conn=0 option=25
| | | >mysqlnd_conn_data::local_tx_start
| | | <mysqlnd_conn_data::local_tx_start
| | | info : Initializing connect_attr hash
| | | info : Adding [_client_name][mysqlnd]
| | | >_mysqlnd_pestrdup
| | | <_mysqlnd_pestrdup
| | | >mysqlnd_conn_data::local_tx_end
| | | <mysqlnd_conn_data::local_tx_end
| | <mysqlnd_conn_data::set_client_option_2d
| | >mysqlnd_conn_data::connect
| | | info : conn=0x1aebec0
| | | >mysqlnd_conn_data::local_tx_start
| | | <mysqlnd_conn_data::local_tx_start
| | | >mysqlnd_conn_data::get_state
| | | <mysqlnd_conn_data::get_state
| | | info : host=hostname.host.com user=db_user db= port=3306 flags=131072 persistent=1 state=0
| | | >mysqlnd_conn_data::get_state
| | | <mysqlnd_conn_data::get_state
| | | >mysqlnd_conn_data::set_client_option
| | | | info : conn=0 option=210
| | | | >mysqlnd_conn_data::local_tx_start
| | | | <mysqlnd_conn_data::local_tx_start
| | | | >mysqlnd_conn_data::local_tx_end
| | | | <mysqlnd_conn_data::local_tx_end
| | | <mysqlnd_conn_data::set_client_option
| | | info : transport=tcp://hostname.host.com:3306 conn->scheme=(null)
| | | >mysqlnd_conn_data::get_updated_connect_flags
| | | <mysqlnd_conn_data::get_updated_connect_flags
| | | >mysqlnd_conn_data::connect_handshake
| | | | >mysqlnd_protocol::get_greet_packet
| | | | <mysqlnd_protocol::get_greet_packet
| | | | >mysqlnd_net::connect_ex
| | | | | >mysqlnd_net::close_stream
| | | | | | >mysqlnd_net::get_stream
| | | | | | | info : 0
| | | | | | <mysqlnd_net::get_stream
| | | | | <mysqlnd_net::close_stream
| | | | | >mysqlnd_net::get_open_stream
| | | | | <mysqlnd_net::get_open_stream
| | | | | >mysqlnd_net::open_tcp_or_unix
| | | | | | info : hashed_details=0x1afcda0
| | | | | | info : calling php_stream_xport_create
| | | | | <mysqlnd_net::open_tcp_or_unix
| | | | | >mysqlnd_net::set_stream
| | | | | <mysqlnd_net::set_stream
| | | | | >mysqlnd_net::get_stream
| | | | | | info : 0x1b7a600
| | | | | <mysqlnd_net::get_stream
| | | | | >mysqlnd_net::post_connect_set_opt
| | | | | | info : setting 31536000 as PHP_STREAM_OPTION_READ_TIMEOUT
| | | | | | >mysqlnd_set_sock_no_delay
| | | | | | <mysqlnd_set_sock_no_delay
| | | | | | >mysqlnd_set_sock_keepalive
| | | | | | <mysqlnd_set_sock_keepalive
| | | | | <mysqlnd_net::post_connect_set_opt
| | | | <mysqlnd_net::connect_ex
| | | | >mysqlnd_net::get_stream
| | | | | info : 0x1b7a600
| | | | <mysqlnd_net::get_stream
| | | | info : stream=0x1b7a600
| | | | >php_mysqlnd_greet_read
| | | | | info : buf=0x7ffe7fa1c9f0 size=2048
| | | | | | >mysqlnd_net::receive_ex
| | | | | | <mysqlnd_net::receive_ex
| | | | | | >mysqlnd_net::get_stream
| | | | | | | info : 0x1b7a600
| | | | | | <mysqlnd_net::get_stream
| | | | | | >mysqlnd_net::network_read_ex
| | | | | | | info : count=4
| | | | | | <mysqlnd_net::network_read_ex
| | | | | >mysqlnd_net::receive_ex
| | | | | <mysqlnd_net::receive_ex
| | | | | >mysqlnd_net::get_stream
| | | | | | info : 0x1b7a600
| | | | | <mysqlnd_net::get_stream
| | | | | >mysqlnd_net::network_read_ex
| | | | | | info : count=86
| | | | | <mysqlnd_net::network_read_ex
| | | | | info : proto=10 server=5.5.47-MariaDB-log thread_id=35867
| | | | | info : server_capabilities=3759144959 charset_no=8 server_status=2 auth_protocol=mysql_native_password scramble_length=21
| | | | <php_mysqlnd_greet_read
| | | | >_mysqlnd_pestrdup
| | | | <_mysqlnd_pestrdup
| | | | >mysqlnd_connect_run_authentication
| | | | | >mysqlnd_switch_to_ssl_if_needed
| | | | | | info : client_capability_flags=696973
| | | | | | info : CLIENT_LONG_PASSWORD=	1
| | | | | | info : CLIENT_FOUND_ROWS=		0
| | | | | | info : CLIENT_LONG_FLAG=		1
| | | | | | info : CLIENT_NO_SCHEMA=		0
| | | | | | info : CLIENT_COMPRESS=		0
| | | | | | info : CLIENT_ODBC=			0
| | | | | | info : CLIENT_LOCAL_FILES=	1
| | | | | | info : CLIENT_IGNORE_SPACE=	0
| | | | | | info : CLIENT_PROTOCOL_41=	1
| | | | | | info : CLIENT_INTERACTIVE=	0
| | | | | | info : CLIENT_SSL=			0
| | | | | | info : CLIENT_IGNORE_SIGPIPE=	0
| | | | | | info : CLIENT_TRANSACTIONS=	1
| | | | | | info : CLIENT_RESERVED=		0
| | | | | | info : CLIENT_SECURE_CONNECTION=1
| | | | | | info : CLIENT_MULTI_STATEMENTS=0
| | | | | | info : CLIENT_MULTI_RESULTS=	1
| | | | | | info : CLIENT_PS_MULTI_RESULTS=0
| | | | | | info : CLIENT_CONNECT_ATTRS=	1
| | | | | | info : CLIENT_PLUGIN_AUTH_LENENC_CLIENT_DATA=	0
| | | | | | info : CLIENT_CAN_HANDLE_EXPIRED_PASSWORDS=	0
| | | | | | info : CLIENT_SESSION_TRACK=		0
| | | | | | info : CLIENT_SSL_DONT_VERIFY_SERVER_CERT=	0
| | | | | | info : CLIENT_SSL_VERIFY_SERVER_CERT=	0
| | | | | | info : CLIENT_REMEMBER_OPTIONS=		0
| | | | | | >mysqlnd_protocol::get_auth_packet
| | | | | | <mysqlnd_protocol::get_auth_packet
| | | | | | info : PACKET_FREE(0x7f9422e75450)
| | | | | <mysqlnd_switch_to_ssl_if_needed
| | | | | >mysqlnd_run_authentication
| | | | | | >_mysqlnd_pestrdup
| | | | | | <_mysqlnd_pestrdup
| | | | | | >mysqlnd_conn_data::fetch_auth_plugin_by_name
| | | | | | | info : looking for auth_plugin_mysql_native_password auth plugin
| | | | | | <mysqlnd_conn_data::fetch_auth_plugin_by_name
| | | | | | info : plugin found
| | | | | | info : salt(21)=[Q8abFwH@F~k}Rar:fv?s]
| | | | | | >mysqlnd_native_auth_get_auth_data
| | | | | | <mysqlnd_native_auth_get_auth_data
| | | | | | >mysqlnd_auth_handshake
| | | | | | | >mysqlnd_protocol::get_auth_response_packet
| | | | | | | <mysqlnd_protocol::get_auth_response_packet
| | | | | | | >mysqlnd_protocol::get_auth_packet
| | | | | | | <mysqlnd_protocol::get_auth_packet
| | | | | | | >php_mysqlnd_auth_write
| | | | | | | | >mysqlnd_net::send_ex
| | | | | | | | | info : count=87 compression=0
| | | | | | | | | info : to_be_sent=87
| | | | | | | | | info : packets_sent=1
| | | | | | | | | info : compressed_envelope_packet_no=0
| | | | | | | | | info : packet_no=1
| | | | | | | | | info : no compression
| | | | | | | | | >mysqlnd_net::network_write_ex
| | | | | | | | | | info : sending 91 bytes
| | | | | | | | | | >mysqlnd_net::get_stream
| | | | | | | | | | | info : 0x1b7a600
| | | | | | | | | | <mysqlnd_net::get_stream
| | | | | | | | | <mysqlnd_net::network_write_ex
| | | | | | | | | info : packet_size=0 packet_no=2
| | | | | | | | <mysqlnd_net::send_ex
| | | | | | | <php_mysqlnd_auth_write
| | | | | | | >php_mysqlnd_auth_response_read
| | | | | | | | info : buf=0x1aef2e0 size=4095
| | | | | | | | | >mysqlnd_net::receive_ex
| | | | | | | | | <mysqlnd_net::receive_ex
| | | | | | | | | >mysqlnd_net::get_stream
| | | | | | | | | | info : 0x1b7a600
| | | | | | | | | <mysqlnd_net::get_stream
| | | | | | | | | >mysqlnd_net::network_read_ex
| | | | | | | | | | info : count=4
| | | | | | | | | <mysqlnd_net::network_read_ex
| | | | | | | | >mysqlnd_net::receive_ex
| | | | | | | | <mysqlnd_net::receive_ex
| | | | | | | | >mysqlnd_net::get_stream
| | | | | | | | | info : 0x1b7a600
| | | | | | | | <mysqlnd_net::get_stream
| | | | | | | | >mysqlnd_net::network_read_ex
| | | | | | | | | info : count=80
| | | | | | | | <mysqlnd_net::network_read_ex
| | | | | | | | >php_mysqlnd_read_error_from_line
| | | | | | | | <php_mysqlnd_read_error_from_line
| | | | | | | <php_mysqlnd_auth_response_read
| | | | | | | error: ERROR:1045 [SQLSTATE:28000] Access denied for user 'db_user'@'10.100.4.84' (using password: YES)
| | | | | | | >_mysqlnd_pestrdup
| | | | | | | <_mysqlnd_pestrdup
| | | | | | | info : adding error [Access denied for user 'db_user'@'10.100.4.84' (using password: YES)] to the list
| | | | | | | info : PACKET_FREE(0)
| | | | | | | info : PACKET_FREE(0x7f9422e75450)
| | | | | | | info : PACKET_FREE(0x1afed38)
| | | | | | <mysqlnd_auth_handshake
| | | | | | info : switch_to_auth_protocol=n/a
| | | | | | info : conn->error_info->error_no = 1045
| | | | | <mysqlnd_run_authentication
| | | | <mysqlnd_connect_run_authentication
| | | | info : PACKET_FREE(0x1afe790)
| | | <mysqlnd_conn_data::connect_handshake
| | | error: [1045] Access denied for user 'db_user'@'10.100.4.84' (using password: YES) (trying to connect via tcp://hostname.host.com:3306)
| | | >mysqlnd_conn_data::free_contents
| | | | >mysqlnd_net::free_contents
| | | | <mysqlnd_net::free_contents
| | | | info : Freeing memory of members
| | | | info : scheme=tcp://hostname.host.com:3306
| | | | >mysqlnd_error_list_pdtor
| | | | <mysqlnd_error_list_pdtor
| | | <mysqlnd_conn_data::free_contents
| | | >mysqlnd_conn_data::local_tx_end
| | | <mysqlnd_conn_data::local_tx_end
| | <mysqlnd_conn_data::connect
| | >mysqlnd_conn_data::local_tx_end
| | <mysqlnd_conn_data::local_tx_end
| <mysqlnd_conn::connect
<mysqlnd_connect
>mysqlnd_conn::close
| info : conn=35867
| >mysqlnd_conn_data::local_tx_start
| <mysqlnd_conn_data::local_tx_start
| >mysqlnd_conn_data::get_state
| <mysqlnd_conn_data::get_state
| >mysqlnd_net::get_stream
| | info : 0x1b7a600
| <mysqlnd_net::get_stream
| >mysqlnd_send_close
| | info : conn=35867 net->data->stream->abstract=0x1afba70
| | >mysqlnd_conn_data::get_state
| | <mysqlnd_conn_data::get_state
| | >mysqlnd_conn_data::get_state
| | <mysqlnd_conn_data::get_state
| | info : state=0
| | >mysqlnd_conn_data::set_state
| | | info : New state=6
| | <mysqlnd_conn_data::set_state
| | >mysqlnd_net::close_stream
| | | >mysqlnd_net::get_stream
| | | | info : 0x1b7a600
| | | <mysqlnd_net::get_stream
| | | info : Freeing stream. abstract=0x1afba70
| | | >mysqlnd_net::set_stream
| | | <mysqlnd_net::set_stream
| | <mysqlnd_net::close_stream
| <mysqlnd_send_close
| >mysqlnd_conn_data::local_tx_end
| <mysqlnd_conn_data::local_tx_end
| >mysqlnd_conn::dtor
| | info : conn=35867
| | >mysqlnd_conn_data::free_reference
| | | info : conn=35867 old_refcount=1
| | | >mysqlnd_net::get_stream
| | | | info : 0
| | | <mysqlnd_net::get_stream
| | | >mysqlnd_send_close
| | | | info : conn=35867 net->data->stream->abstract=0
| | | | >mysqlnd_conn_data::get_state
| | | | <mysqlnd_conn_data::get_state
| | | | >mysqlnd_conn_data::get_state
| | | | <mysqlnd_conn_data::get_state
| | | | info : state=6
| | | | >mysqlnd_net::close_stream
| | | | | >mysqlnd_net::get_stream
| | | | | | info : 0
| | | | | <mysqlnd_net::get_stream
| | | | <mysqlnd_net::close_stream
| | | <mysqlnd_send_close
| | | >mysqlnd_conn_data::dtor
| | | | info : conn=35867
| | | | >mysqlnd_conn_data::free_contents
| | | | | >mysqlnd_net::free_contents
| | | | | <mysqlnd_net::free_contents
| | | | | info : Freeing memory of members
| | | | | info : scheme=(null)
| | | | <mysqlnd_conn_data::free_contents
| | | | >connect_attr_item_pdtor
| | | | <connect_attr_item_pdtor
| | | | >mysqlnd_net_free
| | | | | >mysqlnd_net::dtor
| | | | | | >mysqlnd_net::free_contents
| | | | | | <mysqlnd_net::free_contents
| | | | | | >mysqlnd_net::close_stream
| | | | | | | >mysqlnd_net::get_stream
| | | | | | | | info : 0
| | | | | | | <mysqlnd_net::get_stream
| | | | | | <mysqlnd_net::close_stream
| | | | | | info : Freeing cmd buffer
| | | | | <mysqlnd_net::dtor
| | | | <mysqlnd_net_free
| | | | >mysqlnd_protocol_free
| | | | <mysqlnd_protocol_free
| | | <mysqlnd_conn_data::dtor
| | <mysqlnd_conn_data::free_reference
| <mysqlnd_conn::dtor
<mysqlnd_conn::close
>RSHUTDOWN

Of relevance, the CLIENT_SSL flag is set to 0 when it seems it should have been enabled.

Test script:
---------------
<?php

mysqli_debug("d:t:O,/tmp/client.trace");

$conn = mysqli_init();
$conn->ssl_set('/etc/pki/php/client-key.pem', '/etc/pki/php/client-cert.pem', '/etc/pki/php/ca-cert.pem', NULL, 'DHE-RSA-AES256-SHA');

$res = @$conn->real_connect("p:hostname.host.com", "db_user", "password", null, 3306, MYSQLI_CLIENT_SSL);

if ($res === false) {
    echo "Error: Unable to connect to MySQL." . PHP_EOL;
    echo "Debugging errno: " . mysqli_connect_errno() . PHP_EOL;
    echo "Debugging error: " . mysqli_connect_error() . PHP_EOL;
    exit;
}

$conn->change_user("db_user", "password", "db");
$conn->query("select * from user limit 1;");

?>

Expected result:
----------------
Persistent connections should work at all times

Actual result:
--------------
Persistent connections only work when they're newly spawned

Patches

ssl.patch (last revision 2018-08-31 16:15 UTC by fabio dot souto at miniclip dot com)

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-08-31 16:17 UTC] fabio dot souto at miniclip dot com
I've provided a starting ground as patch, to fix this issue.
I'd appreciate the feedback of more experienced folks in this area, as I'm not an expert in PHP core land. Namely, the fact that string duplications are being done, and not being freed after calling ssl_set; is this a potential leak?

Also, the patch only works for mysqlnd for now. All my tests went through fine
 [2019-10-03 05:14 UTC] krakjoe@php.net
Automatic comment on behalf of fabio.souto@miniclip.com
Revision: http://git.php.net/?p=php-src.git;a=commit;h=9a2b42a5c1144e6a50c742d6a6d2007828830b24
Log: Fix bug #76809 (SSL settings aren't respected when persistent connection is reused)
 [2019-10-03 05:14 UTC] krakjoe@php.net
-Status: Open +Status: Closed
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Mon Dec 30 14:01:28 2024 UTC