php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #54962 either real_connect or ssl_set is not working properly
Submitted: 2011-05-31 11:57 UTC Modified: 2017-10-24 07:55 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:0 (0.0%)
From: sukarna_0 at yahoo dot co dot in Assigned:
Status: Open Package: MySQLi related
PHP Version: 5.3SVN-2011-05-31 (snap) OS: CentOS5.5
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: sukarna_0 at yahoo dot co dot in
New email:
PHP Version: OS:

 

 [2011-05-31 11:57 UTC] sukarna_0 at yahoo dot co dot in
Description:
------------
I have a code as follows.

$ssl_ca = 'https://rds.amazonaws.com/doc/mysql-ssl-ca-cert.pem';
$mysqli->ssl_set(null, null, $ssl_ca, null, null);
$result = $mysqli->real_connect($location, $usr, $password, $dbname, $port, null, MYSQLI_CLIENT_SSL);

This code works with PHP 5.3.5 in windowsXP sp3 and never throws any error even if $ssl_ca contains a wrong path.

And this code always throws error- '(HY000/2026): SSL connection error' in CentOS 5.5 32bit(PHP 5.3.5)


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-06-08 02:23 UTC] johannes@php.net
-Status: Open +Status: Assigned -Assigned To: +Assigned To: mysql
 [2011-06-08 02:23 UTC] johannes@php.net
I think there is a feature difference between libmysql and mysqlnd. When using MySQLnd you can use stream wrappers to load certificates, with libmysql you are limited to local files. We will verify that.
 [2011-06-08 13:57 UTC] johannes@php.net
What happens is the following: Your Windows version uses mysqlnd as base library. mysqlnd uses PHP's streams and openssl extension for doing the communication. These demand that the verify_peer option is set else the ssl_ca will be ignored. That is fine.

An issue is that verify_peer is only set when manually setting MYSQLI_OPT_SSL_VERIFY_SERVER_CERT to true, mysqli_ssl_set won't do that. so that part has to be fixed. Need to do some research under what conditions we can do set verify_peer automatically.
 [2017-10-24 07:55 UTC] kalle@php.net
-Status: Assigned +Status: Open -Assigned To: mysql +Assigned To:
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Nov 23 07:01:29 2024 UTC