php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #51026 ssl not working
Submitted: 2010-02-12 13:02 UTC Modified: 2010-04-08 11:04 UTC
Votes:3
Avg. Score:4.3 ± 0.5
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:2 (100.0%)
From: fuxa_kos at unihost dot cz Assigned: mysql
Status: Closed Package: MySQLi related
PHP Version: 5.3.3-dev OS: Linux
Private report: No CVE-ID:
 [2010-02-12 13:02 UTC] fuxa_kos at unihost dot cz
Description:
------------
ssl connection not working, same code with 5.2.12 working well.
With reference to bug 49234, I have support [33] => ssl_set.

mysql client working well too.
mysql ... --ssl-ca=cert/mysql-cacert.pem --ssl-cert=cert/client-cert.pem --ssl-key=cert/client-key.pem
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 116395
Server version: 5.0.90-community-log MySQL Community Edition (GPL)
mysql> SHOW STATUS LIKE 'Ssl_cipher';
+---------------+--------------------+
| Variable_name | Value              |
+---------------+--------------------+
| Ssl_cipher    | DHE-RSA-AES256-SHA |
+---------------+--------------------+
1 row in set (0.00 sec)

from phpinfo
mysqli

MysqlI Support => enabled
Client API library version => 5.1.42
Active Persistent Links => 0
Inactive Persistent Links => 0
Active Links => 0
Client API header version => 5.1.42
MYSQLI_SOCKET => /var/lib/mysql/mysql.sock

Directive => Local Value => Master Value
mysqli.allow_local_infile => Off => Off
mysqli.allow_persistent => On => On
mysqli.default_host => no value => no value
mysqli.default_port => 3306 => 3306
mysqli.default_pw => no value => no value
mysqli.default_socket => no value => no value
mysqli.default_user => no value => no value
mysqli.max_links => Unlimited => Unlimited
mysqli.max_persistent => Unlimited => Unlimited
mysqli.reconnect => Off => Off

Client is Mysql 5.1 and server is Mysql 5.0. But same for 5.0 Mysql 
client. In case PHP 5.2 Mysql client is 5.0.

Reproduce code:
---------------
<?php
ini_set('display_errors', 1);
error_reporting(E_ALL);
$mysqli = mysqli_init();
$mysqli->ssl_set('./cert/client-key.pem', './cert/client-cert.pem', './cert/mysql-cacert.pem', null, null);
$mysqli->real_connect('removed', '', '', '');
if ($r = $mysqli->query("SHOW STATUS LIKE 'Ssl_cipher'")) {
    var_dump($r->fetch_row());
}
echo $mysqli->error."\n";
echo $mysqli->errno."\n";

Expected result:
----------------
something like this for Ssl_cipher
array(2) {
  [0]=>
  string(10) "Ssl_cipher"
  [1]=>
  string(18) "DHE-RSA-AES256-SHA"
}

and no errors.

Actual result:
--------------
Warning: mysqli::ssl_set(): invalid object or resource mysqli

with MYSQLI_CLIENT_SSL
Can't connect to MySQL server on 'removed' (113)
errno = 2003
 
without MYSQLI_CLIENT_SSL
Warning: mysqli::real_connect(): (28000/1045): Access denied for 
user 'removed' (using password: YES)
errno = 1045

ssl_set() in this case returns NULL, not true as doc says.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-02-12 16:14 UTC] jani@php.net
Please try using this snapshot:

  http://snaps.php.net/php5.3-latest.tar.gz
 
For Windows:

  http://windows.php.net/snapshots/


 [2010-02-12 21:39 UTC] fuxa_kos at unihost dot cz
same problem

phpinfo()
PHP Version => 5.3.3-dev

# ssl_set
mysqli::ssl_set(): invalid object or resource mysqli
var_dump returns NULL

# real_connect, without MYSQLI_CLIENT_SSL
error: mysqli::real_connect(): (28000/1045): Access denied for 
user '...' (using password: YES)
errno: 1045

# real_connect, with MYSQLI_CLIENT_SSL
error: mysqli::real_connect(): (HY000/2003): Can't connect to MySQL 
server on '...' (113)
errno: 2003
 [2010-02-12 21:46 UTC] fuxa_kos at unihost dot cz
In my case, tested at latest CentOS 5 and 4. All 64-bit boxes, PHP 
compiled myself from sources. With Mysql 5.0.89, 5.0.90, 5.1.42.
 [2010-02-17 01:07 UTC] emartinez at usgs dot gov
Looking into the source, "mysqli_init" sets the resource status to "MYSQLI_STATUS_INITIALIZED" and then immediately afterward in "mysqli_ssl_set" the source expects the the resource status to be at least, "MYSQLI_STATUS_VALID" (one step above MYSQLI_STATUS_INITIALIZED).

The problem seems to go away if you modify mysqli_api.c::ssl_set to require only a status of "MYSQLI_STATUS_INITIALIZED" (about line 2043).
 [2010-04-08 11:01 UTC] andrey@php.net
Automatic comment from SVN on behalf of andrey
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=297688
Log: Fix for bug #51026 ssl not working
 [2010-04-08 11:04 UTC] andrey@php.net
-Status: Assigned +Status: Closed
 [2010-04-08 11:04 UTC] andrey@php.net
Fixed. Fix will appear in 5.3.3 . The bug doesn't affect 5.2 and earlier branches, which means that it only exists in 5.3.0, 5.3.1 and 5.3.2
 [2010-07-23 15:21 UTC] fuxa_kos at unihost dot cz
5.1.6 at Centos 5 is affected too.

rpm -qi php
Name        : php                          Relocations: (not relocatable)
Version     : 5.1.6                             Vendor: CentOS
Release     : 27.el5                        Build Date: Wed 31 Mar 2010 
08:53:10 AM CEST
 
PHP Copyright © 2001-2014 The PHP Group
All rights reserved.
Last updated: Thu Apr 24 02:02:10 2014 UTC