php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #80001 SSL connection error is not reported via mysqli::$connect_error
Submitted: 2020-08-20 06:01 UTC Modified: 2021-06-02 15:22 UTC
Votes:5
Avg. Score:3.8 ± 1.0
Reproduced:4 of 4 (100.0%)
Same Version:1 (25.0%)
Same OS:2 (50.0%)
From: morozov at tut dot by Assigned:
Status: Open Package: MySQLi related
PHP Version: 7.4.9 OS: Linux
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: morozov at tut dot by
New email:
PHP Version: OS:

 

 [2020-08-20 06:01 UTC] morozov at tut dot by
Description:
------------
According to the documentation, mysqli::$connect_error returns the last error message string from the last call to mysqli_connect(). NULL is returned if no error occurred.


However, if the underlying connection error is related to SSL, mysqli::$connect_error remains NULL which is incorrect.

The reproduction script tries to connect to a MySQL server running in a https://hub.docker.com/_/mysql container and relies on the fact that the CN in the autogenerated server certificate doesn't match its hostname.

The same problem is reproducible with literally any SSL error.

Test script:
---------------
<?php

$conn = mysqli_init();

$conn->ssl_set('client-key.pem', 'client-cert.pem', 'ca.pem', '', '');

if (!$conn->real_connect('127.0.0.1', 'root', '', 'mysql')) {
    var_dump($conn->connect_error);
    exit(1);
}


Expected result:
----------------
$conn->connect_error contains a string with an error message.

Actual result:
--------------
Warning: mysqli::real_connect(): Peer certificate CN=`MySQL_Server_8.0.18_Auto_Generated_Server_Certificate' did not match expected CN=`127.0.0.1' in /home/morozov/mysqi-tls.php on line 7

Warning: mysqli::real_connect(): Cannot connect to MySQL by using SSL in /home/morozov/mysqi-tls.php on line 7

Warning: mysqli::real_connect(): [2002]  (trying to connect via (null)) in /home/morozov/mysqi-tls.php on line 7

Warning: mysqli::real_connect(): (HY000/2002):  in /home/morozov/mysqi-tls.php on line 7
NULL

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-06-02 10:51 UTC] cmb@php.net
-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb
 [2021-06-02 10:51 UTC] cmb@php.net
Would that error be reported by openssl_error_string()?
 [2021-06-02 15:06 UTC] morozov at tut dot by
-Status: Feedback +Status: Assigned
 [2021-06-02 15:06 UTC] morozov at tut dot by
No, it returns false.
 [2021-06-02 15:22 UTC] cmb@php.net
-Status: Assigned +Status: Open -Assigned To: cmb +Assigned To:
 [2021-06-02 15:22 UTC] cmb@php.net
Thanks for the swift reply!  That would be a bug.
 [2022-07-17 14:58 UTC] simbiat at outlook dot com
This is reproducible in PHP8.1 with PDO as well, but the message returned is "SQLSTATE[HY000] [2002]  (trying to connect via (null))". Same as with original bug reported, it happens with any SSL error. It can even be a timeout, and it still will return this message.
 [2023-03-01 08:34 UTC] faulknerehman at gmail dot com
One possibility is that the SSL error is not being reported as the primary cause of the connection error. For example, there may be other issues with the database server or network that are causing the connection to fail, and the SSL error is not being prioritized in the error message. In this case, you may need to check the server logs or other error messages to identify the root cause of the connection failure.

Another possibility is that the SSL error is not being properly handled by the mysqli extension. This could be due to a bug in the extension or a misconfiguration of the SSL connection parameters. In this case, you may need to check the documentation for the mysqli extension and verify that you are using the correct SSL connection parameters.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Dec 21 16:01:28 2024 UTC