php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #80001 SSL connection error is not reported via mysqli::$connect_error
Submitted: 2020-08-20 06:01 UTC Modified: 2021-06-02 15:22 UTC
Votes:4
Avg. Score:4.0 ± 1.0
Reproduced:3 of 3 (100.0%)
Same Version:1 (33.3%)
Same OS:1 (33.3%)
From: morozov at tut dot by Assigned:
Status: Open Package: MySQLi related
PHP Version: 7.4.9 OS: Linux
Private report: No CVE-ID: None
View Add Comment Developer Edit
Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know!
Just going to say 'Me too!'? Don't clutter the database with that please — but make sure to vote on the bug!
Your email address:
MUST BE VALID
Solve the problem:
34 + 20 = ?
Subscribe to this entry?

 
 [2020-08-20 06:01 UTC] morozov at tut dot by 
Description:
------------
According to the documentation, mysqli::$connect_error returns the last error message string from the last call to mysqli_connect(). NULL is returned if no error occurred.


However, if the underlying connection error is related to SSL, mysqli::$connect_error remains NULL which is incorrect.

The reproduction script tries to connect to a MySQL server running in a https://hub.docker.com/_/mysql container and relies on the fact that the CN in the autogenerated server certificate doesn't match its hostname.

The same problem is reproducible with literally any SSL error.

Test script:
---------------
<?php

$conn = mysqli_init();

$conn->ssl_set('client-key.pem', 'client-cert.pem', 'ca.pem', '', '');

if (!$conn->real_connect('127.0.0.1', 'root', '', 'mysql')) {
    var_dump($conn->connect_error);
    exit(1);
}


Expected result:
----------------
$conn->connect_error contains a string with an error message.

Actual result:
--------------
Warning: mysqli::real_connect(): Peer certificate CN=`MySQL_Server_8.0.18_Auto_Generated_Server_Certificate' did not match expected CN=`127.0.0.1' in /home/morozov/mysqi-tls.php on line 7

Warning: mysqli::real_connect(): Cannot connect to MySQL by using SSL in /home/morozov/mysqi-tls.php on line 7

Warning: mysqli::real_connect(): [2002]  (trying to connect via (null)) in /home/morozov/mysqi-tls.php on line 7

Warning: mysqli::real_connect(): (HY000/2002):  in /home/morozov/mysqi-tls.php on line 7
NULL

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2021-06-02 10:51 UTC] cmb@php.net
-Status: Open +Status: Feedback -Assigned To: +Assigned To: cmb
 [2021-06-02 10:51 UTC] cmb@php.net 
Would that error be reported by openssl_error_string()?
 [2021-06-02 15:06 UTC] morozov at tut dot by
-Status: Feedback +Status: Assigned
 [2021-06-02 15:06 UTC] morozov at tut dot by 
No, it returns false.
 [2021-06-02 15:22 UTC] cmb@php.net
-Status: Assigned +Status: Open -Assigned To: cmb +Assigned To:
 [2021-06-02 15:22 UTC] cmb@php.net 
Thanks for the swift reply!  That would be a bug.
 [2022-07-17 14:58 UTC] simbiat at outlook dot com 
This is reproducible in PHP8.1 with PDO as well, but the message returned is "SQLSTATE[HY000] [2002]  (trying to connect via (null))". Same as with original bug reported, it happens with any SSL error. It can even be a timeout, and it still will return this message.
 [2023-03-01 08:34 UTC] faulknerehman at gmail dot com 
One possibility is that the SSL error is not being reported as the primary cause of the connection error. For example, there may be other issues with the database server or network that are causing the connection to fail, and the SSL error is not being prioritized in the error message. In this case, you may need to check the server logs or other error messages to identify the root cause of the connection failure.

Another possibility is that the SSL error is not being properly handled by the mysqli extension. This could be due to a bug in the extension or a misconfiguration of the SSL connection parameters. In this case, you may need to check the documentation for the mysqli extension and verify that you are using the correct SSL connection parameters.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Fri Apr 19 20:01:29 2024 UTC