php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #76714 Collision between MySQL SSL connection and OpenSSL create key
Submitted: 2018-08-07 07:28 UTC Modified: 2018-08-07 21:29 UTC
From: michel at ingenie dot fr Assigned:
Status: Duplicate Package: MySQLi related
PHP Version: 7.0.31 OS: ubuntu 16.04
Private report: No CVE-ID: None
 [2018-08-07 07:28 UTC] michel at ingenie dot fr
Description:
------------
When using SSL connection with mysqli, the use of openssl function to create a key disrupt the mysqli connection.

Many thanks for your attention.

Test script:
---------------
<?php

$mysqli = new mysqli();
$mysqli->ssl_set('/etc/mysql/ssl/client-key.pem','/etc/mysql/ssl/client-cert.pem','/etc/mysql/ssl/ca-cert.pem',null,null);
$mysqli->options(MYSQLI_OPT_SSL_VERIFY_SERVER_CERT,false);
$mysqli->real_connect('remote.host.com','login','password',null,null,null,MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT);

// test SQL query : WORK FINE

$mysqli->select_db('test');
$result = $mysqli->query('select * from test');
print_r($result->fetch_all());

// Create KEY
$key = openssl_pkey_new(['digest_alg' => 'sha256','private_key_bits' => 1024,'private_key_type' => OPENSSL_KEYTYPE_RSA]);

// test SQL query : FAIL

$mysqli->select_db('test'); // this is line 19
$result = $mysqli->query('select * from test');
print_r($result->fetch_all());


Expected result:
----------------
Just a dump of returned array like for the first select.

Actual result:
--------------
PHP Warning:  mysqli::select_db(): SSL operation failed with code 1. OpenSSL Error messages:
error:0E06D06C:configuration file routines:NCONF_get_string:no value
error:0E06D06C:configuration file routines:NCONF_get_string:no value
error:0E06D06C:configuration file routines:NCONF_get_string:no value
error:0E06D06C:configuration file routines:NCONF_get_string:no value in .../test_bug_mysql_ssl_openssl.php on line 19
Warning: mysqli::select_db(): SSL operation failed with code 1. OpenSSL Error messages:
error:0E06D06C:configuration file routines:NCONF_get_string:no value
error:0E06D06C:configuration file routines:NCONF_get_string:no value
error:0E06D06C:configuration file routines:NCONF_get_string:no value
error:0E06D06C:configuration file routines:NCONF_get_string:no value in .../test_bug_mysql_ssl_openssl.php on line 19
PHP Warning:  mysqli::select_db(): MySQL server has gone away in .../test_bug_mysql_ssl_openssl.php on line 19
Warning: mysqli::select_db(): MySQL server has gone away in .../test_bug_mysql_ssl_openssl.php on line 19
PHP Warning:  mysqli::select_db(): Error while reading INIT_DB's OK packet. PID=16092 in .../test_bug_mysql_ssl_openssl.php on line 19
Warning: mysqli::select_db(): Error while reading INIT_DB's OK packet. PID=16092 in .../test_bug_mysql_ssl_openssl.php on line 19
PHP Fatal error:  Uncaught Error: Call to a member function fetch_all() on boolean in .../test_bug_mysql_ssl_openssl.php:21
Stack trace:
#0 {main}
  thrown in .../test_bug_mysql_ssl_openssl.php on line 21
Fatal error: Uncaught Error: Call to a member function fetch_all() on boolean in .../test_bug_mysql_ssl_openssl.php:21
Stack trace:
#0 {main}
  thrown in .../test_bug_mysql_ssl_openssl.php on line 21


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-08-07 07:42 UTC] requinix@php.net
-Status: Open +Status: Feedback
 [2018-08-07 07:42 UTC] requinix@php.net
What if you call openssl_error_string() after using openssl_pkey_new?
 [2018-08-07 09:07 UTC] michel at ingenie dot fr
adding : while ($msg = openssl_error_string()) echo $msg."\n";
after the key creation display :

error:0E06D06C:configuration file routines:NCONF_get_string:no value
error:0E06D06C:configuration file routines:NCONF_get_string:no value
error:0E06D06C:configuration file routines:NCONF_get_string:no value
error:0E06D06C:configuration file routines:NCONF_get_string:no value

And the mysqli error does not happen. The second query work fine.
So adding "while ($msg = openssl_error_string());" after the "openssl_pkey_new" seems to be a good workaround.

Thanks for your help.
 [2018-08-07 21:29 UTC] requinix@php.net
-Status: Feedback +Status: Duplicate
 [2018-08-07 21:29 UTC] requinix@php.net
That means this is a duplicate of bug #73978. It could only be fixed for PHP 7.1+ so if you can't upgrade then using openssl_error_string is the workaround.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sat Oct 12 19:01:28 2024 UTC