php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #41778 Always get the SSL connection error
Submitted: 2007-06-22 08:37 UTC Modified: 2011-11-04 10:07 UTC
Votes:16
Avg. Score:4.1 ± 1.1
Reproduced:15 of 15 (100.0%)
Same Version:1 (6.7%)
Same OS:5 (33.3%)
From: mail at tobias-wassermann dot de Assigned: mysql (profile)
Status: No Feedback Package: MySQLi related
PHP Version: 5.2.5 OS: Windows XP
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: mail at tobias-wassermann dot de
New email:
PHP Version: OS:

 

 [2007-06-22 08:37 UTC] mail at tobias-wassermann dot de
Description:
------------
If I want to connect via SSL to my MySQL-Server, mysqli_real_connect always returns this error:

Warning: mysqli::real_connect() [function.mysqli-real-connect]: (HY000/2026): SSL connection error in C:\proj\wampp\htdocs\test\db\mysql_ssl.php on line 7

I use mysqli_init(), to init the mysqli-object and then use ssl_set() to set the SSL-stuff and then real_connect().

A connect with the mysql-command-line client and the ssl-ca-option works perfect - i get a ssl encrypted connection.

Reproduce code:
---------------
Start MySQL-Server with:

mysqld-nt.exe --ssl --ssl-ca=ca.crt --ssl-cert=server.crt --ssl-key=server.pem <other params>

[The key is not secured by any password or such things]

Use the MySQL-Client from another machine to connect via ssl:

mysql.exe -u test -h server --ssl-ca=ca.crt

Check if SSL works with command line client:

mysql> SHOW STATUS LIKE 'Ssl_cipher';
+---------------+--------------------+
| Variable_name | Value              |
+---------------+--------------------+
| Ssl_cipher    | DHE-RSA-AES256-SHA |
+---------------+--------------------+
1 row in set (0.02 sec)

It works. Now my PHP code:

<html>
<body>
<?php
$conn = mysqli_init();
$conn->ssl_set(NULL, NULL, "ca.crt", NULL, NULL); 
$conn->real_connect("server", "root", NULL, "iba", 3306, NULL, MYSQLI_CLIENT_SSL);
?>
</body>
</html>


Expected result:
----------------
The real_connect()-call should connect via SSL to the MySQL-Server.

Actual result:
--------------
real_connect() doesn't connect, returns error message:

Warning: mysqli::real_connect() [function.mysqli-real-connect]: (HY000/2026): SSL connection error in C:\proj\wampp\htdocs\test\db\mysql_ssl.php on line 7

I know, HY000/2026 is a MySQL error - but the command line connect with same user and same CA-Certificate works fine. I tested it also on other machines.

The error occurs if the db-server is another machine as the webserver - and also occurs if it's the same pc. The problem also exists if i provide a client-certificate and key to the ssl_set()-function

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2008-01-23 13:22 UTC] johannes@php.net
Could you please try to use the full path instead of just giving the file name? Thanks.
I can't get that error message.
 [2008-04-22 20:01 UTC] mail at tobias-wassermann dot de
Hi,

reconstructed the case again - sorry for the delay - with the following code:

<?php

error_reporting(E_ALL);
ini_set("display_errors", "1");
$conn = mysqli_init();
$conn->ssl_set("C:/proj/test/test.crt", "C:/proj/test/ca.crt", "C:/proj/test/ca2.crt", NULL, NULL); 
$conn->real_connect("www.iba-ag.com", "user", "pass", "db", 3306, NULL, MYSQLI_CLIENT_SSL);

echo $conn->errno;
$res = $conn->query("SELECT * FROM catalog");
echo " - COUNT: {$res->num_rows}";
?>

The big BUT: Everytime I connect, I got a connection and the correct count of the SELECT - it works if the ssl-files exists or not exists. So it seems to be that never ever a ssl-connection will be established now - whats the problem?

I tried this with a 5.2.3 PHP on Windows and a 5.2.5 PHP on Linux - in both cases with enabled OpenSSL-support
 [2008-11-02 12:47 UTC] jani@php.net
Please try using this CVS snapshot:

  http://snaps.php.net/php5.2-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/


 [2008-11-10 01:00 UTC] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
 [2010-04-24 21:41 UTC] extramobile at gmail dot com
When i connect like this:
$mysqli -> ssl_set('client-key.pem', 'client-cert.pem', 'ca-cert.pem', null, null );
(..)
$mysqli -> real_connect( 'localhost', 'ssluser', 'sslpass', 'apps', 3306, null, MYSQLI_CLIENT_SSL );

SHOW VARIABLES LIKE "%SSL%";

returns nothing because of:
Warning: mysqli::real_connect() [function.mysqli-real-connect]: (HY000/2026): SSL connection error in D:\web\xampp\htdocs\init\init.php  on line 70
Warning: mysqli::query() [function.mysqli-query]: invalid object or resource mysqli in D:\web\xampp\htdocs\init\init.php on line 72


But when I connect:

$mysqli -> ssl_set('client-key.pem', 'client-cert.pem', 'ca-cert.pem' );

it gives me:

Warning: mysqli::ssl_set() expects exactly 5 parameters, 3 given in D:\web\xampp\htdocs\init\init.php on line 59
Array ( [Variable_name] => have_openssl [Value] => YES )
Array ( [Variable_name] => have_ssl [Value] => YES )
Array ( [Variable_name] => ssl_ca [Value] => ca-cert.pem )
Array ( [Variable_name] => ssl_capath [Value] => )
Array ( [Variable_name] => ssl_cert [Value] => server-cert.pem )
Array ( [Variable_name] => ssl_cipher [Value] => )
Array ( [Variable_name] => ssl_key [Value] => server-key.pem ) 

i have xampp apache friends 1.6.4

I connect via CMD by 
mysql --ssl-ca=ca-cert.pem --ssl-cert=client-cert.pem --ssl-key=client-key.pem -ussluser -p

and SHOW VARIABLES LIKE "%SSL%";
+---------------+-----------------+
| Variable_name | Value           |
+---------------+-----------------+
| have_openssl  | YES             |
| have_ssl      | YES             |
| ssl_ca        | ca-cert.pem     |
| ssl_capath    |                 |
| ssl_cert      | server-cert.pem |
| ssl_cipher    |                 |
| ssl_key       | server-key.pem  |
+---------------+-----------------+
7 rows in set (0.00 sec)
 [2010-04-26 11:02 UTC] andrey@php.net
-Status: No Feedback +Status: Feedback -Assigned To: andrey +Assigned To: mysql
 [2010-04-26 11:02 UTC] andrey@php.net
Hi,
I see you use 5.2.5, can you try 5.3 with mysqlnd enabled, from snaps.php.net?

Thanks,
Andrey
 [2011-11-04 10:07 UTC] uw@php.net
-Status: Feedback +Status: No Feedback
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Fri Mar 29 08:01:27 2024 UTC