PHP :: Bug #51026 :: ssl not working

Bug #51026

ssl not working

Submitted:

2010-02-12 13:02 UTC

Modified:

2010-04-08 11:04 UTC

Votes:	3
Avg. Score:	4.3 ± 0.5
Reproduced:	2 of 2 (100.0%)
Same Version:	1 (50.0%)
Same OS:	2 (100.0%)

From:

fuxa_kos at unihost dot cz

Assigned:

mysql (profile)

Status:

Closed

Package:

MySQLi related

PHP Version:

5.3.3-dev

OS:

Linux

Private report:

CVE-ID:

None

View Add Comment Developer Edit

[2010-02-12 13:02 UTC] fuxa_kos at unihost dot cz

Description:
------------
ssl connection not working, same code with 5.2.12 working well.
With reference to bug 49234, I have support [33] => ssl_set.

mysql client working well too.
mysql ... --ssl-ca=cert/mysql-cacert.pem --ssl-cert=cert/client-cert.pem --ssl-key=cert/client-key.pem
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 116395
Server version: 5.0.90-community-log MySQL Community Edition (GPL)
mysql> SHOW STATUS LIKE 'Ssl_cipher';
+---------------+--------------------+
| Variable_name | Value              |
+---------------+--------------------+
| Ssl_cipher    | DHE-RSA-AES256-SHA |
+---------------+--------------------+
1 row in set (0.00 sec)

from phpinfo
mysqli

MysqlI Support => enabled
Client API library version => 5.1.42
Active Persistent Links => 0
Inactive Persistent Links => 0
Active Links => 0
Client API header version => 5.1.42
MYSQLI_SOCKET => /var/lib/mysql/mysql.sock

Directive => Local Value => Master Value
mysqli.allow_local_infile => Off => Off
mysqli.allow_persistent => On => On
mysqli.default_host => no value => no value
mysqli.default_port => 3306 => 3306
mysqli.default_pw => no value => no value
mysqli.default_socket => no value => no value
mysqli.default_user => no value => no value
mysqli.max_links => Unlimited => Unlimited
mysqli.max_persistent => Unlimited => Unlimited
mysqli.reconnect => Off => Off

Client is Mysql 5.1 and server is Mysql 5.0. But same for 5.0 Mysql 
client. In case PHP 5.2 Mysql client is 5.0.

Reproduce code:
---------------
<?php
ini_set('display_errors', 1);
error_reporting(E_ALL);
$mysqli = mysqli_init();
$mysqli->ssl_set('./cert/client-key.pem', './cert/client-cert.pem', './cert/mysql-cacert.pem', null, null);
$mysqli->real_connect('removed', '', '', '');
if ($r = $mysqli->query("SHOW STATUS LIKE 'Ssl_cipher'")) {
    var_dump($r->fetch_row());
}
echo $mysqli->error."\n";
echo $mysqli->errno."\n";

Expected result:
----------------
something like this for Ssl_cipher
array(2) {
  [0]=>
  string(10) "Ssl_cipher"
  [1]=>
  string(18) "DHE-RSA-AES256-SHA"
}

and no errors.

Actual result:
--------------
Warning: mysqli::ssl_set(): invalid object or resource mysqli

with MYSQLI_CLIENT_SSL
Can't connect to MySQL server on 'removed' (113)
errno = 2003
 
without MYSQLI_CLIENT_SSL
Warning: mysqli::real_connect(): (28000/1045): Access denied for 
user 'removed' (using password: YES)
errno = 1045

ssl_set() in this case returns NULL, not true as doc says.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2010-02-12 16:14 UTC] jani@php.net

Please try using this snapshot:

  http://snaps.php.net/php5.3-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/

[2010-02-12 21:39 UTC] fuxa_kos at unihost dot cz

same problem

phpinfo()
PHP Version => 5.3.3-dev

# ssl_set
mysqli::ssl_set(): invalid object or resource mysqli
var_dump returns NULL

# real_connect, without MYSQLI_CLIENT_SSL
error: mysqli::real_connect(): (28000/1045): Access denied for 
user '...' (using password: YES)
errno: 1045

# real_connect, with MYSQLI_CLIENT_SSL
error: mysqli::real_connect(): (HY000/2003): Can't connect to MySQL 
server on '...' (113)
errno: 2003

[2010-02-12 21:46 UTC] fuxa_kos at unihost dot cz

In my case, tested at latest CentOS 5 and 4. All 64-bit boxes, PHP 
compiled myself from sources. With Mysql 5.0.89, 5.0.90, 5.1.42.

[2010-02-17 01:07 UTC] emartinez at usgs dot gov

Looking into the source, "mysqli_init" sets the resource status to "MYSQLI_STATUS_INITIALIZED" and then immediately afterward in "mysqli_ssl_set" the source expects the the resource status to be at least, "MYSQLI_STATUS_VALID" (one step above MYSQLI_STATUS_INITIALIZED).

The problem seems to go away if you modify mysqli_api.c::ssl_set to require only a status of "MYSQLI_STATUS_INITIALIZED" (about line 2043).

[2010-04-08 11:01 UTC] andrey@php.net

Automatic comment from SVN on behalf of andrey
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=297688
Log: Fix for bug #51026 ssl not working

[2010-04-08 11:04 UTC] andrey@php.net

-Status: Assigned +Status: Closed

[2010-04-08 11:04 UTC] andrey@php.net

Fixed. Fix will appear in 5.3.3 . The bug doesn't affect 5.2 and earlier branches, which means that it only exists in 5.3.0, 5.3.1 and 5.3.2

[2010-07-23 15:21 UTC] fuxa_kos at unihost dot cz

5.1.6 at Centos 5 is affected too.

rpm -qi php
Name        : php                          Relocations: (not relocatable)
Version     : 5.1.6                             Vendor: CentOS
Release     : 27.el5                        Build Date: Wed 31 Mar 2010 
08:53:10 AM CEST

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Fri Apr 19 03:01:27 2024 UTC