php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #74943 PHP Mysql connection with SSL is not working PDO
Submitted: 2017-07-17 19:26 UTC Modified: 2017-07-17 19:43 UTC
From: rnkhouse at gmail dot com Assigned:
Status: Not a bug Package: PDO related
PHP Version: 7.1.7 OS: Ubuntu 16.04
Private report: No CVE-ID: None
 [2017-07-17 19:26 UTC] rnkhouse at gmail dot com
Description:
------------
Mysql server is running php5.3. New webserver is running php7.1 (migrated from php5.3). When I try to connect Mysql server with ssl its not working.

    try {
    $dbh = new PDO($dsn, $user, $password, array(PDO::MYSQL_ATTR_SSL_KEY  => '/etc/mysql/client-key.pem',
                                                 PDO::MYSQL_ATTR_SSL_CERT => '/etc/mysql/client-cert.pem',
                                                 PDO::MYSQL_ATTR_SSL_CA   => '/etc/mysql/ca-cert.pem')
                  );
        echo "Connestion established";
    } catch (PDOException $e) {
        echo 'Connection failed: ' . $e->getMessage();
    }

>Connection failed: SQLSTATE[HY000] [2002]

>PDO::__construct(): SSL operation failed with code 1. OpenSSL Error messages:
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed

But, When I remove SSL block from connection, its working fine. I don't know what's going on. May be version mismatch of server and client. Becasue I am using old public key and private key.

Is it because of mysql client and server version mismatch?

PS: I have upgraded php7 in webserver only.

Actual result:
--------------
PDO::__construct(): SSL operation failed with code 1. OpenSSL Error messages:
error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2017-07-17 19:28 UTC] rnkhouse at gmail dot com
-PHP Version: 7.1Git-2017-07-17 (snap) +PHP Version: 7.1.7
 [2017-07-17 19:28 UTC] rnkhouse at gmail dot com
version change
 [2017-07-17 19:31 UTC] spam2 at rhsoft dot net
in case of self signed certificates this is *not* a bug and you have should done your homework because when you upgrade from 5.3 to 7.1 and changes between apply

http://php.net/manual/en/migration56.openssl.php

i googled that for you:

https://stackoverflow.com/questions/31424518/php-5-6-mysql-ssl-and-self-signed-certificates

https://stackoverflow.com/questions/34622899/pdo-with-self-signed-certificates
 [2017-07-17 19:38 UTC] rnkhouse at gmail dot com
I have changed the server. But, host name is still the same.

https://stackoverflow.com/questions/45090905/php-mysql-connection-with-ssl-is-not-working-pdo
 [2017-07-17 19:43 UTC] nikic@php.net
-Status: Open +Status: Not a bug
 [2017-07-17 19:43 UTC] nikic@php.net
If you wish to disable peer verification, you can specify PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false.
 
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Wed Mar 29 05:03:39 2023 UTC