php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #76604 Incomplete/Partial error messages for encrypted connection failures
Submitted: 2018-07-10 12:37 UTC Modified: -
From: johannes dot meyer at netways dot de Assigned:
Status: Open Package: PDO MySQL
PHP Version: 7.1.19 OS: CentOS Linux release 7.4.1708 (C
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: johannes dot meyer at netways dot de
New email:
PHP Version: OS:

 

 [2018-07-10 12:37 UTC] johannes dot meyer at netways dot de
Description:
------------
Trying to connect to a MariaDB instance using a SSL encrypted connection may fail. If it does, an PDOException's getMessage() method returns only an incomplete string. The returned error message defies any usefulness because the actual reason is not part of it.

It's possible to workaround this since the exception object in question got a previous exception which holds the missing part. Though, actually expected is that method getMessage() already returns a proper message.

Test script:
---------------
try {
        $pdo = new PDO(
                'mysql:host=localhost.localdomain;dbname=foo',
                'foo',
                'bar',
                array(
                        PDO::MYSQL_ATTR_SSL_KEY    => '/home/vagrant/newcerts/server-key.pem',
                        PDO::MYSQL_ATTR_SSL_CERT   => '/home/vagrant/newcerts/server-cert.pem',
                        PDO::MYSQL_ATTR_SSL_CA     => '/home/vagrant/newcerts/ca.pem',
                        PDO::MYSQL_ATTR_SSL_CIPHER => 'DHE-RSA-AES256-GCM-SHA384'
                )
        );
} catch (PDOException $e) {
        echo '# Actual:' . PHP_EOL;
        echo $e->getMessage() . PHP_EOL;
        echo '# Expected:' . PHP_EOL;
        echo $e->getMessage() . $e->getPrevious()->getMessage() . PHP_EOL;
}

Expected result:
----------------
# Actual:
SQLSTATE[HY000] [2002] PDO::__construct(): SSL operation failed with code 1. OpenSSL Error messages:
error:140830B5:SSL routines:ssl3_client_hello:no ciphers available
# Expected:
SQLSTATE[HY000] [2002] PDO::__construct(): SSL operation failed with code 1. OpenSSL Error messages:
error:140830B5:SSL routines:ssl3_client_hello:no ciphers available

Actual result:
--------------
# Actual:
SQLSTATE[HY000] [2002] 
# Expected:
SQLSTATE[HY000] [2002] PDO::__construct(): SSL operation failed with code 1. OpenSSL Error messages:
error:140830B5:SSL routines:ssl3_client_hello:no ciphers available

Patches

Add a Patch

Pull Requests

Add a Pull Request

 
PHP Copyright © 2001-2018 The PHP Group
All rights reserved.
Last updated: Thu Dec 13 08:01:25 2018 UTC