|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
[2011-01-20 01:59 UTC] dave dot kelly at dawkco dot com
Description:
------------
- Using PHP 5.3.5 Windows binaries (Zip package).
- extension = php_mysqli.dll is enabled in php.ini.
- trying to use mysqli::real_connect, passing MYSQLI_CLIENT_SSL in the flags parameter.
It returns the following error:
Warning: mysqli::real_connect() [mysqli.real-connect.html]: (28000/1045): Access denied for user 'user'@'host' (using password: YES) in C:\Apache22\htdocs\test.php on line 25
Connect Error (1045)
If I switch to PHP 5.2.17 Windows binaries (Zip package), using the exact same settings and script, I get the following (excerpts):
Success... host via TCP/IP
...
Ssl_cipher DHE-RSA-AES256-SHA
...
Ssl_version TLSv1
I believe the main difference (relevant to this problem) between PHP 5.2.17 and PHP 5.3.5 is that 5.2.17 uses libmysql.dll and 5.3.5 uses built-in mysqlnd (native driver). So, it appears that libmysql.dll works with SSL, while built-in mysqlnd (native driver) cannot use SSL. The Windows binaries build has no way to disable/enable mysqlnd and/or libmysql. If mysqlnd is not going to work with SSL, there should at least be another option that can be configured at runtime with the options file.
Test script:
---------------
<?php $mysqli = new mysqli();
$mysqli->init();
if (!$mysqli->options(MYSQLI_READ_DEFAULT_FILE,
'C:/Program Files/MySQL/my.ini')) {
die('Setting MYSQLI_READ_DEFAULT_FILE failed');
}
if (!$mysqli->options(MYSQLI_READ_DEFAULT_GROUP, 'mysql')) {
die('Setting MYSQLI_READ_DEFAULT_GROUP failed');
}
if (!$mysqli->real_connect('host', 'user', 'pass',
'mydb', 3306, NULL, MYSQLI_CLIENT_SSL)) {
echo 'Connect Error (' . mysqli_connect_errno() . ')' . "<br />\n";
}
else {
echo 'Success... ' . $mysqli->host_info . "<br />\n";
$sql = "show status like '%ssl%'";
$result = $mysqli->query($sql);
while ($row = $result->fetch_array()) {
echo $row[0] . ' ' . $row[1] . "<br />\n";
}
if ($result) { $result->close(); }
}
$mysqli->close(); ?>
Expected result:
----------------
Expect a new SSL connection and a result set from the query indicating that the connection is indeed via SSL/TLS.
Actual result:
--------------
Warning: (28000/1045): Access denied ... Connect Error (1045).
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
|
|||||||||||||||||||||||||||||||||||||
Copyright © 2001-2024 The PHP GroupAll rights reserved. |
Last updated: Thu Nov 21 13:01:29 2024 UTC |
FYI (you probably already know): there are currently no SSL/TLS options available to be set with the mysqli::options method. I tried using the mysqli::ssl_set method as follows, but it didn't work either (same connect error): $mysqli->ssl_set(NULL, // key file path or NULL NULL, // cert file path or NULL 'C:/ssl/ca-cert.pem', // ca cert file path or NULL NULL, // capath directory or NULL 'DHE-RSA-AES256-SHA'); // cipher or NULL Also, tried the following (no luck): $mysqli->ssl_set('C:/ssl/key.pem', // key file path or NULL 'C:/ssl/cert.pem', // cert file path or NULL 'C:/ssl/ca-cert.pem', // ca cert file path or NULL NULL, // capath directory or NULL NULL); // cipher or NULL As noted before, these all work with PHP 5.2.17, but not with PHP 5.3.5. A fix for mysqlnd would be great because trying to do a custom build on Windows with mysqlnd disabled has become a real ordeal.