PHP :: Bug #51026 :: ssl not working

Bug #51026

ssl not working

Submitted:

2010-02-12 13:02 UTC

Modified:

2010-04-08 11:04 UTC

Votes:	3
Avg. Score:	4.3 ± 0.5
Reproduced:	2 of 2 (100.0%)
Same Version:	1 (50.0%)
Same OS:	2 (100.0%)

From:

fuxa_kos at unihost dot cz

Assigned:

mysql (profile)

Status:

Closed

Package:

MySQLi related

PHP Version:

5.3.3-dev

OS:

Linux

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	fuxa_kos at unihost dot cz
New email:
PHP Version:		OS:

New Comment:

[2010-02-12 13:02 UTC] fuxa_kos at unihost dot cz

Description:
------------
ssl connection not working, same code with 5.2.12 working well.
With reference to bug 49234, I have support [33] => ssl_set.

mysql client working well too.
mysql ... --ssl-ca=cert/mysql-cacert.pem --ssl-cert=cert/client-cert.pem --ssl-key=cert/client-key.pem
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 116395
Server version: 5.0.90-community-log MySQL Community Edition (GPL)
mysql> SHOW STATUS LIKE 'Ssl_cipher';
+---------------+--------------------+
| Variable_name | Value              |
+---------------+--------------------+
| Ssl_cipher    | DHE-RSA-AES256-SHA |
+---------------+--------------------+
1 row in set (0.00 sec)

from phpinfo
mysqli

MysqlI Support => enabled
Client API library version => 5.1.42
Active Persistent Links => 0
Inactive Persistent Links => 0
Active Links => 0
Client API header version => 5.1.42
MYSQLI_SOCKET => /var/lib/mysql/mysql.sock

Directive => Local Value => Master Value
mysqli.allow_local_infile => Off => Off
mysqli.allow_persistent => On => On
mysqli.default_host => no value => no value
mysqli.default_port => 3306 => 3306
mysqli.default_pw => no value => no value
mysqli.default_socket => no value => no value
mysqli.default_user => no value => no value
mysqli.max_links => Unlimited => Unlimited
mysqli.max_persistent => Unlimited => Unlimited
mysqli.reconnect => Off => Off

Client is Mysql 5.1 and server is Mysql 5.0. But same for 5.0 Mysql 
client. In case PHP 5.2 Mysql client is 5.0.

Reproduce code:
---------------
<?php
ini_set('display_errors', 1);
error_reporting(E_ALL);
$mysqli = mysqli_init();
$mysqli->ssl_set('./cert/client-key.pem', './cert/client-cert.pem', './cert/mysql-cacert.pem', null, null);
$mysqli->real_connect('removed', '', '', '');
if ($r = $mysqli->query("SHOW STATUS LIKE 'Ssl_cipher'")) {
    var_dump($r->fetch_row());
}
echo $mysqli->error."\n";
echo $mysqli->errno."\n";

Expected result:
----------------
something like this for Ssl_cipher
array(2) {
  [0]=>
  string(10) "Ssl_cipher"
  [1]=>
  string(18) "DHE-RSA-AES256-SHA"
}

and no errors.

Actual result:
--------------
Warning: mysqli::ssl_set(): invalid object or resource mysqli

with MYSQLI_CLIENT_SSL
Can't connect to MySQL server on 'removed' (113)
errno = 2003
 
without MYSQLI_CLIENT_SSL
Warning: mysqli::real_connect(): (28000/1045): Access denied for 
user 'removed' (using password: YES)
errno = 1045

ssl_set() in this case returns NULL, not true as doc says.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2010-02-12 16:14 UTC] jani@php.net

Please try using this snapshot:

  http://snaps.php.net/php5.3-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/

[2010-02-12 21:39 UTC] fuxa_kos at unihost dot cz

same problem

phpinfo()
PHP Version => 5.3.3-dev

# ssl_set
mysqli::ssl_set(): invalid object or resource mysqli
var_dump returns NULL

# real_connect, without MYSQLI_CLIENT_SSL
error: mysqli::real_connect(): (28000/1045): Access denied for 
user '...' (using password: YES)
errno: 1045

# real_connect, with MYSQLI_CLIENT_SSL
error: mysqli::real_connect(): (HY000/2003): Can't connect to MySQL 
server on '...' (113)
errno: 2003

[2010-02-12 21:46 UTC] fuxa_kos at unihost dot cz

In my case, tested at latest CentOS 5 and 4. All 64-bit boxes, PHP 
compiled myself from sources. With Mysql 5.0.89, 5.0.90, 5.1.42.

[2010-02-17 01:07 UTC] emartinez at usgs dot gov

Looking into the source, "mysqli_init" sets the resource status to "MYSQLI_STATUS_INITIALIZED" and then immediately afterward in "mysqli_ssl_set" the source expects the the resource status to be at least, "MYSQLI_STATUS_VALID" (one step above MYSQLI_STATUS_INITIALIZED).

The problem seems to go away if you modify mysqli_api.c::ssl_set to require only a status of "MYSQLI_STATUS_INITIALIZED" (about line 2043).

[2010-04-08 11:01 UTC] andrey@php.net

Automatic comment from SVN on behalf of andrey
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=297688
Log: Fix for bug #51026 ssl not working

[2010-04-08 11:04 UTC] andrey@php.net

-Status: Assigned +Status: Closed

[2010-04-08 11:04 UTC] andrey@php.net

Fixed. Fix will appear in 5.3.3 . The bug doesn't affect 5.2 and earlier branches, which means that it only exists in 5.3.0, 5.3.1 and 5.3.2

[2010-07-23 15:21 UTC] fuxa_kos at unihost dot cz

5.1.6 at Centos 5 is affected too.

rpm -qi php
Name        : php                          Relocations: (not relocatable)
Version     : 5.1.6                             Vendor: CentOS
Release     : 27.el5                        Build Date: Wed 31 Mar 2010 
08:53:10 AM CEST

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 15:01:30 2024 UTC