[2019-11-03 20:25 UTC] lcobucci@php.net
Description:
------------
While setting up TLS for the DB in a development environment, I've found out that handshake issues during cURL requests using URIs with a self-signed certificate were affecting completely valid encrypted MySQL connections using both MySQLi and PDO MySQL.
I observed this because it was only happening on certain endpoints because they send this HTTP request to another service.
It's quite an edge-case (and low priority IMHO). However, it got me crazy since the error messages are all about the DB connection.
My idea was to create a better way to test this, but couldn't find any good example for TLS+MySQLnd (via PDO or MySQLi)...
Test script:
---------------
<?php
// 1. Open a TLS-verified MySQL connection and confirm that it works.
$conn = new PDO(
    'mysql:host=my-mysql-server;charset=utf8mb4',
    'root',
    'password',
    [
        PDO::MYSQL_ATTR_SSL_CA => '/local-tls-certificates/ca.pem',
        PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => true,
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]
);
var_dump($conn->query('SELECT 1')->fetchAll(PDO::FETCH_ASSOC));

// 2. Make a cURL request that fails certificate verification (self-signed certificate).
$handle = curl_init('https://self-signed.badssl.com/');
curl_setopt_array(
    $handle,
    [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,
    ]
);
var_dump(curl_exec($handle));
curl_close($handle);

// 3. Reuse the MySQL connection opened in step 1.
var_dump($conn->query('SELECT 1')->fetchAll(PDO::FETCH_ASSOC));
Expected result:
----------------
array(1) {
  [0]=>
  array(1) {
    [1]=>
    string(1) "1"
  }
}
bool(false)
array(1) {
  [0]=>
  array(1) {
    [1]=>
    string(1) "1"
  }
}
Actual result:
--------------
array(1) {
  [0]=>
  array(1) {
    [1]=>
    string(1) "1"
  }
}
bool(false)
[01-Nov-2019 17:03:02 UTC] PHP Warning: PDO::query(): SSL operation failed with code 1. OpenSSL Error messages:
error:140E0197:SSL routines:SSL_shutdown:shutdown while in init in /app/aa.php on line 32
Warning: PDO::query(): SSL operation failed with code 1. OpenSSL Error messages:
error:140E0197:SSL routines:SSL_shutdown:shutdown while in init in /app/aa.php on line 32
[01-Nov-2019 17:03:02 UTC] PHP Warning: PDO::query(): MySQL server has gone away in /app/aa.php on line 32
Warning: PDO::query(): MySQL server has gone away in /app/aa.php on line 32
[01-Nov-2019 17:03:02 UTC] PHP Warning: PDO::query(): Error reading result set's header in /app/aa.php on line 32
Warning: PDO::query(): Error reading result set's header in /app/aa.php on line 32
[01-Nov-2019 17:03:02 UTC] PHP Fatal error: Uncaught PDOException: SQLSTATE[HY000]: General error: 2006 MySQL server has gone away in /app/aa.php:32
Stack trace:
#0 /app/aa.php(32): PDO->query('SELECT 1')
#1 {main}
thrown in /app/aa.php on line 32
Fatal error: Uncaught PDOException: SQLSTATE[HY000]: General error: 2006 MySQL server has gone away in /app/aa.php:32
Stack trace:
#0 /app/aa.php(32): PDO->query('SELECT 1')
#1 {main}
thrown in /app/aa.php on line 32
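
A log-triage sketch for the signature in the output above, added here as an example and not part of the original report or of PHP: it flags "MySQL server has gone away" warnings that share a timestamp and file:line with an OpenSSL error, so the TLS error is looked at before the database. The function names and the same-timestamp, same-location correlation rule are assumptions of this example.

```python
import re

# Sample input: the first four lines are copied from the report's "Actual result";
# the last line is constructed, a database drop with no TLS error beside it.
SAMPLE_LOG = """\
[01-Nov-2019 17:03:02 UTC] PHP Warning: PDO::query(): SSL operation failed with code 1. OpenSSL Error messages:
error:140E0197:SSL routines:SSL_shutdown:shutdown while in init in /app/aa.php on line 32
[01-Nov-2019 17:03:02 UTC] PHP Warning: PDO::query(): MySQL server has gone away in /app/aa.php on line 32
[01-Nov-2019 17:03:02 UTC] PHP Warning: PDO::query(): Error reading result set's header in /app/aa.php on line 32
[01-Nov-2019 18:10:44 UTC] PHP Warning: PDO::query(): MySQL server has gone away in /app/report.php on line 7
"""

ENTRY = re.compile(r"^\[(?P<ts>[^\]]+)\] PHP [\w ]+?:\s+(?P<msg>.*)$")
WHERE = re.compile(r" in (?P<file>\S+?)(?: on line |:)(?P<line>\d+)\s*$")
OSSL = re.compile(r"error:(?P<code>[0-9A-Fa-f]{8}):[^:]*:(?P<func>[^:]*):"
                  r"(?P<reason>.+?) in \S+ on line \d+")


def parse_entries(text):
    """Fold continuation lines (no leading timestamp) into the preceding entry."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw)
        if m:
            entries.append({"ts": m["ts"], "msg": m["msg"]})
        elif entries and raw.strip():
            entries[-1]["msg"] += " " + raw.strip()
    for e in entries:
        w = WHERE.search(e["msg"])
        e["where"] = (w["file"], int(w["line"])) if w else None
    return entries


def find_misattributed(entries):
    """Return 'gone away' entries that coincide with an OpenSSL error (heuristic)."""
    tls = {}
    for e in entries:
        o = OSSL.search(e["msg"])
        if o and e["where"]:
            tls[(e["ts"], e["where"])] = (o["code"], o["func"], o["reason"])
    return [
        {"ts": e["ts"], "where": e["where"], "openssl": tls[(e["ts"], e["where"])]}
        for e in entries
        if "MySQL server has gone away" in e["msg"] and (e["ts"], e["where"]) in tls
    ]


if __name__ == "__main__":
    for hit in find_misattributed(parse_entries(SAMPLE_LOG)):
        print(hit)
```
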
Volker Dusch managed to reproduce this by using sockets and cURL only (also affects the latest PHP 7.4 RC):

Test script:
-------------
<?php
$sock = fsockopen("tls://google.com", 443);
var_dump($sock);

$handle = curl_init('https://self-signed.badssl.com/');
curl_setopt_array(
    $handle,
    [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,
    ]
);
var_dump(curl_exec($handle));
curl_close($handle);

fwrite($sock, "GET / HTTP/1.0\n\n");
var_dump(fread($sock, 8));

Expected result:
----------------
resource(4) of type (stream)
bool(false)
string(8) "HTTP/1.0"

Actual result:
--------------
resource(4) of type (stream)
bool(false)
Warning: fread(): SSL operation failed with code 1. OpenSSL Error messages:
error:140E0197:SSL routines:SSL_shutdown:shutdown while in init in /app/aa.php on line 19
string(0) ""