php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #28075 mysql ssl connection
Submitted: 2004-04-20 12:34 UTC Modified: 2011-01-19 12:11 UTC
Votes:4
Avg. Score:4.5 ± 0.5
Reproduced:3 of 3 (100.0%)
Same Version:0 (0.0%)
Same OS:3 (100.0%)
From: petre dot rodan at avira dot com Assigned: mysql (profile)
Status: Wont fix Package: MySQL related
PHP Version: * OS: *
Private report: No CVE-ID: None
Have you experienced this issue?
Rate the importance of this bug to you:

 [2004-04-20 12:34 UTC] petre dot rodan at avira dot com
Description:
------------
I was tring to use SSL-enabled mysql connections using php and mod_php.

The problem was that the libmysql library inside {,mod_}php detects that SSL is needed, but it doesn't know the location of the client certificate.

by simply inserting the following line 
mysql_options(&mysql->conn,MYSQL_READ_DEFAULT_GROUP,"client");
before mysql_real_connect(..) in ext/mysql/php_mysql.c, the my.cnf file is read and all SSL-related configurations are imported from there.

If my problem can be solved in another way, please drop me a line :).

Successfuly tested with php-4.3.4-r4, mod_php-4.3.4-r4, mod_php-4.3.6-rc2, php-5.0_beta1-r1.

see
http://bugs.gentoo.org/show_bug.cgi?id=46340#c3
for scenario details

the patch can be downloaded here:
http://bugs.gentoo.org/attachment.cgi?id=28436&action=view




Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2004-04-20 15:54 UTC] derick@php.net
Assigning to georg, the maintainer of this extension.
 [2007-07-13 10:45 UTC] Bruno dot Harbulot at manchester dot ac dot uk
I have just tried this suggestion (using mysql_options to read the [client] section of the global mysql configuration file). It works.
However, it doesn't seem like a good idea to use a global client configuration for all the MySQL connections from PHP. There can be scenarios where different certificates or CAs might be required.

Perhaps it would be better to have a binding of mysql_ssl_set (part of the MySQL API) to the PHP MySQL extension. It seems that MySQLi supports it.

See:
http://dev.mysql.com/doc/refman/5.0/en/mysql-ssl-set.html
http://www.php.net/manual/en/function.mysqli-ssl-set.php

Regards,

Bruno.
 [2010-12-20 14:00 UTC] jani@php.net
-Package: Feature/Change Request +Package: MySQL related -Operating System: linux +Operating System: * -PHP Version: 4.3.6 +PHP Version: *
 [2011-01-06 17:14 UTC] uw@php.net
-Assigned To: georg +Assigned To: mysql
 [2011-01-06 17:14 UTC] uw@php.net
... don't think we should add functionality to ext/mysql. People should move forward and use mysqli. Also, there's a work around documented in the bug.
 [2011-01-19 12:11 UTC] uw@php.net
-Status: Assigned +Status: Wont fix
 [2011-01-19 12:11 UTC] uw@php.net
See previous comment: use mysqli.
 
PHP Copyright © 2001-2019 The PHP Group
All rights reserved.
Last updated: Thu Jul 18 21:01:25 2019 UTC