PHP :: Bug #54962 :: either real_connect or ssl

Bug #54962

either real_connect or ssl_set is not working properly

Submitted:

2011-05-31 11:57 UTC

Modified:

2017-10-24 07:55 UTC

Votes:	1
Avg. Score:	5.0 ± 0.0
Reproduced:	1 of 1 (100.0%)
Same Version:	0 (0.0%)
Same OS:	0 (0.0%)

From:

sukarna_0 at yahoo dot co dot in

Assigned:

Status:

Open

Package:

MySQLi related

PHP Version:

5.3SVN-2011-05-31 (snap)

OS:

CentOS5.5

Private report:

CVE-ID:

None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	sukarna_0 at yahoo dot co dot in
New email:
PHP Version:		OS:

New Comment:

[2011-05-31 11:57 UTC] sukarna_0 at yahoo dot co dot in

Description:
------------
I have a code as follows.

$ssl_ca = 'https://rds.amazonaws.com/doc/mysql-ssl-ca-cert.pem';
$mysqli->ssl_set(null, null, $ssl_ca, null, null);
$result = $mysqli->real_connect($location, $usr, $password, $dbname, $port, null, MYSQLI_CLIENT_SSL);

This code works with PHP 5.3.5 in windowsXP sp3 and never throws any error even if $ssl_ca contains a wrong path.

And this code always throws error- '(HY000/2026): SSL connection error' in CentOS 5.5 32bit(PHP 5.3.5)

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2011-06-08 02:23 UTC] johannes@php.net

-Status: Open +Status: Assigned -Assigned To: +Assigned To: mysql

[2011-06-08 02:23 UTC] johannes@php.net

I think there is a feature difference between libmysql and mysqlnd. When using MySQLnd you can use stream wrappers to load certificates, with libmysql you are limited to local files. We will verify that.

[2011-06-08 13:57 UTC] johannes@php.net

What happens is the following: Your Windows version uses mysqlnd as base library. mysqlnd uses PHP's streams and openssl extension for doing the communication. These demand that the verify_peer option is set else the ssl_ca will be ignored. That is fine.

An issue is that verify_peer is only set when manually setting MYSQLI_OPT_SSL_VERIFY_SERVER_CERT to true, mysqli_ssl_set won't do that. so that part has to be fixed. Need to do some research under what conditions we can do set verify_peer automatically.

[2017-10-24 07:55 UTC] kalle@php.net

-Status: Assigned +Status: Open -Assigned To: mysql +Assigned To:

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Nov 21 16:01:29 2024 UTC