php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #41778 Always get the SSL connection error
Submitted: 2007-06-22 08:37 UTC Modified: 2011-11-04 10:07 UTC
Votes:16
Avg. Score:4.1 ± 1.1
Reproduced:15 of 15 (100.0%)
Same Version:1 (6.7%)
Same OS:5 (33.3%)
From: mail at tobias-wassermann dot de Assigned: mysql (profile)
Status: No Feedback Package: MySQLi related
PHP Version: 5.2.5 OS: Windows XP
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: mail at tobias-wassermann dot de
New email:
PHP Version: OS:

 

 [2007-06-22 08:37 UTC] mail at tobias-wassermann dot de 
Description:
------------
If I want to connect via SSL to my MySQL-Server, mysqli_real_connect always returns this error:

Warning: mysqli::real_connect() [function.mysqli-real-connect]: (HY000/2026): SSL connection error in C:\proj\wampp\htdocs\test\db\mysql_ssl.php on line 7

I use mysqli_init(), to init the mysqli-object and then use ssl_set() to set the SSL-stuff and then real_connect().

A connect with the mysql-command-line client and the ssl-ca-option works perfect - i get a ssl encrypted connection.

Reproduce code:
---------------
Start MySQL-Server with:

mysqld-nt.exe --ssl --ssl-ca=ca.crt --ssl-cert=server.crt --ssl-key=server.pem <other params>

[The key is not secured by any password or such things]

Use the MySQL-Client from another machine to connect via ssl:

mysql.exe -u test -h server --ssl-ca=ca.crt

Check if SSL works with command line client:

mysql> SHOW STATUS LIKE 'Ssl_cipher';
+---------------+--------------------+
| Variable_name | Value              |
+---------------+--------------------+
| Ssl_cipher    | DHE-RSA-AES256-SHA |
+---------------+--------------------+
1 row in set (0.02 sec)

It works. Now my PHP code:

<html>
<body>
<?php
$conn = mysqli_init();
$conn->ssl_set(NULL, NULL, "ca.crt", NULL, NULL); 
$conn->real_connect("server", "root", NULL, "iba", 3306, NULL, MYSQLI_CLIENT_SSL);
?>
</body>
</html>


Expected result:
----------------
The real_connect()-call should connect via SSL to the MySQL-Server.

Actual result:
--------------
real_connect() doesn't connect, returns error message:

Warning: mysqli::real_connect() [function.mysqli-real-connect]: (HY000/2026): SSL connection error in C:\proj\wampp\htdocs\test\db\mysql_ssl.php on line 7

I know, HY000/2026 is a MySQL error - but the command line connect with same user and same CA-Certificate works fine. I tested it also on other machines.

The error occurs if the db-server is another machine as the webserver - and also occurs if it's the same pc. The problem also exists if i provide a client-certificate and key to the ssl_set()-function

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-01-23 13:22 UTC] johannes@php.net 
Could you please try to use the full path instead of just giving the file name? Thanks.
I can't get that error message.
 [2008-04-22 20:01 UTC] mail at tobias-wassermann dot de 
Hi,

reconstructed the case again - sorry for the delay - with the following code:

<?php

error_reporting(E_ALL);
ini_set("display_errors", "1");
$conn = mysqli_init();
$conn->ssl_set("C:/proj/test/test.crt", "C:/proj/test/ca.crt", "C:/proj/test/ca2.crt", NULL, NULL); 
$conn->real_connect("www.iba-ag.com", "user", "pass", "db", 3306, NULL, MYSQLI_CLIENT_SSL);

echo $conn->errno;
$res = $conn->query("SELECT * FROM catalog");
echo " - COUNT: {$res->num_rows}";
?>

The big BUT: Everytime I connect, I got a connection and the correct count of the SELECT - it works if the ssl-files exists or not exists. So it seems to be that never ever a ssl-connection will be established now - whats the problem?

I tried this with a 5.2.3 PHP on Windows and a 5.2.5 PHP on Linux - in both cases with enabled OpenSSL-support
 [2008-11-02 12:47 UTC] jani@php.net 
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/
 [2008-11-10 01:00 UTC] php-bugs at lists dot php dot net 
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2010-04-24 21:41 UTC] extramobile at gmail dot com 
When i connect like this:
$mysqli -> ssl_set('client-key.pem', 'client-cert.pem', 'ca-cert.pem', null, null );
(..)
$mysqli -> real_connect( 'localhost', 'ssluser', 'sslpass', 'apps', 3306, null, MYSQLI_CLIENT_SSL );

SHOW VARIABLES LIKE "%SSL%";

returns nothing because of:
Warning: mysqli::real_connect() [function.mysqli-real-connect]: (HY000/2026): SSL connection error in D:\web\xampp\htdocs\init\init.php  on line 70
Warning: mysqli::query() [function.mysqli-query]: invalid object or resource mysqli in D:\web\xampp\htdocs\init\init.php on line 72


But when I connect:

$mysqli -> ssl_set('client-key.pem', 'client-cert.pem', 'ca-cert.pem' );

it gives me:

Warning: mysqli::ssl_set() expects exactly 5 parameters, 3 given in D:\web\xampp\htdocs\init\init.php on line 59
Array ( [Variable_name] => have_openssl [Value] => YES )
Array ( [Variable_name] => have_ssl [Value] => YES )
Array ( [Variable_name] => ssl_ca [Value] => ca-cert.pem )
Array ( [Variable_name] => ssl_capath [Value] => )
Array ( [Variable_name] => ssl_cert [Value] => server-cert.pem )
Array ( [Variable_name] => ssl_cipher [Value] => )
Array ( [Variable_name] => ssl_key [Value] => server-key.pem ) 

i have xampp apache friends 1.6.4

I connect via CMD by 
mysql --ssl-ca=ca-cert.pem --ssl-cert=client-cert.pem --ssl-key=client-key.pem -ussluser -p

and SHOW VARIABLES LIKE "%SSL%";
+---------------+-----------------+
| Variable_name | Value           |
+---------------+-----------------+
| have_openssl  | YES             |
| have_ssl      | YES             |
| ssl_ca        | ca-cert.pem     |
| ssl_capath    |                 |
| ssl_cert      | server-cert.pem |
| ssl_cipher    |                 |
| ssl_key       | server-key.pem  |
+---------------+-----------------+
7 rows in set (0.00 sec)
 [2010-04-26 11:02 UTC] andrey@php.net
-Status: No Feedback +Status: Feedback -Assigned To: andrey +Assigned To: mysql
 [2010-04-26 11:02 UTC] andrey@php.net 
Hi,
I see you use 5.2.5, can you try 5.3 with mysqlnd enabled, from snaps.php.net?

Thanks,
Andrey
 [2011-11-04 10:07 UTC] uw@php.net
-Status: Feedback +Status: No Feedback
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Dec 21 17:01:58 2024 UTC