php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #55848 openssl doesn't work with unix sockets
Submitted: 2011-10-04 19:44 UTC Modified: 2011-10-13 19:57 UTC
From: mattficken@php.net Assigned: pajoye
Status: Not a bug Package: OpenSSL related
PHP Version: 5.4.0beta1 OS: Windows
Private report: No CVE-ID:
 [2011-10-04 19:44 UTC] mattficken@php.net
Description:
------------
I have setup an mysql 5.5 server with SSL support. I can access it over SSL using the Mysql CLI client. During my testing, I didn’t change the server configuration or restart the server.

I am testing mysqlnd and php5.4.0b1 on both Windows and Linux (x64) through mysqli and PDO-mysql.

Mysqlnd over SSL fails  with php 5.4.0b1 on both Windows and Linux, though it fails differently (possibly two different problems). Mysqlnd works fine over TCP with 5.4.0b1 on both Windows and Linux. 

It works on php 5.3.8 on both Windows and Linux over both TCP and SSL.

I have attached packet captures, error messages and my test script.  I haven’t run any PHPT mysql tests over SSL as my test script (which just tries to connect and run a simple query) always fails.

On PHP 5.4.0b1, Windows displays error messages. Warning messages about stream not supporting SSL/Crypto are wrong (socket does support SSL crypto, mysqlnd messes up handshake).

On PHP 5.4.0b1, Linux hangs on mysqli_real_connect. From plaintext part of packet capture, it looks proper.



Test script:
---------------
<?php

$pdo = new PDO(
    'mysql:host=10.200.51.57;dbname=mysql',
    'root',
    'password01!',
    array(
        PDO::MYSQL_ATTR_SSL_KEY   =>'client-key.pem',
        PDO::MYSQL_ATTR_SSL_CERT  =>'client-cert.pem',
        PDO::MYSQL_ATTR_SSL_CA    =>'ca-cert.pem'
    )
);
var_dump($pdo);

$pdo->query("SHOW TABLES");

?>

Actual result:
--------------
PHP Warning:  PDO::__construct(): this stream does not support SSL/crypto in C:\
Users\Administrator\Desktop\mysql_ssl_test.php on line 31

Warning: PDO::__construct(): this stream does not support SSL/crypto in C:\Users
\Administrator\Desktop\mysql_ssl_test.php on line 31
PHP Warning:  PDO::__construct(): Cannot connect to MySQL by using SSL in C:\Use
rs\Administrator\Desktop\mysql_ssl_test.php on line 31

Warning: PDO::__construct(): Cannot connect to MySQL by using SSL in C:\Users\Ad
ministrator\Desktop\mysql_ssl_test.php on line 31
NULL
PHP Fatal error:  Call to a member function query() on a non-object in C:\Users\
Administrator\Desktop\mysql_ssl_test.php on line 34

Fatal error: Call to a member function query() on a non-object in C:\Users\Admin
istrator\Desktop\mysql_ssl_test.php on line 34


Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2011-10-05 05:20 UTC] pajoye@php.net
Automatic comment from SVN on behalf of pajoye
Revision: http://svn.php.net/viewvc/?view=revision&amp;revision=317753
Log: - Revert r313616 (When we have a blocking SSL socket, respect the timeout
  option, scottmac)

# This caused bug #55283 and #55848, we should investigate a proper solution without
# breaking anything.
 [2011-10-05 18:06 UTC] mattficken@php.net
I have tried 54 snapshot r317753 and it fails just like 5.4.0beta1
 [2011-10-08 09:14 UTC] pawel at prochot dot co dot uk
https://bugs.php.net/bug.php?id=55870

Explains how to fix it. Just fix the spelling mistake or grab a snapshot.
 [2011-10-08 09:39 UTC] pajoye @php.net
This bug due to this typo was only in 5.3, 5.4 and trunk were not affected as far as I can see
 [2011-10-10 20:08 UTC] andrey@php.net
-Summary: mysqlnd + ssl failure +Summary: openssl doesn't work with unix sockets -Status: Open +Status: Verified -Package: MySQLi related +Package: OpenSSL related
 [2011-10-10 20:08 UTC] andrey@php.net
PHP 5.3 and 5.4, and probably trunk, don't support SSL over Unix Sockets. Sorry! mysqlnd tries to set up SSL and PHP barks that this stream type doesn't support crypto.
As workaround: you have to go back using libmysql, where SSL over Unix Sockets works.
 [2011-10-10 20:47 UTC] andrey@php.net
Matt, the error message comes from two places both in PHP. Once wenn crypto is set up and then when enabled. It probably barks already during set up and this got to be traced. I can't reproduce it here on Linux. Is it possible go trace it in a debugger and see which parts of the streams return NOT_IMPL for the stream?

Thanks!
 [2011-10-12 17:32 UTC] mattficken@php.net
-Status: Verified +Status: Closed
 [2011-10-12 17:32 UTC] mattficken@php.net
After tracing the problem, I figured out it was a problem in my configuration. 
Mysqlnd with SSL works on PHP 5.4.0 for me now, through both mysql, mysqli and PDO (therefore I'm closing this bug).

Note, that on PHP 5.3.8, mysql and SSL fail for me when I try to use PDO. However, it works on 5.3.8 through mysql and mysqli.
 [2011-10-12 17:37 UTC] pajoye@php.net
-Assigned To: +Assigned To: pajoye
 [2011-10-12 17:37 UTC] pajoye@php.net
The PDO and SSL issue in 5.3.8 is already fixed in SVN, it was due to a typo in a 
#ifdef.
 [2011-10-13 19:57 UTC] pajoye@php.net
-Status: Closed +Status: Bogus
 [2011-10-13 19:57 UTC] pajoye@php.net
Configuration issue caused by some minor diffs between 5.4 and 5.4
 [2014-07-14 12:18 UTC] zzromanzz at seznam dot cz
I still gets this warning (PDO::__construct(): this stream does not support SSL/crypto) on FPM 5.4.30 compiled against MySQL 5.5.  PHP-FPM 5.5 is OK.
 
PHP Copyright © 2001-2017 The PHP Group
All rights reserved.
Last updated: Fri Jun 23 01:01:38 2017 UTC