InfernoTK

Reputation: 83

PHP: PDO(MySQL) SSL Connection

I am trying to establish an SSL connection to a MySQL server using the following code (on Debian GNU/Linux 7 (wheezy) with PHP 5.4.4):

$db = new PDO('mysql:host=mysql.myorganization.net;dbname=myDB',
     'username', 'password', array(
        PDO::MYSQL_ATTR_SSL_CA => 'mysqlCertificates/caChain.pem'
));

var_dump($db->query("SHOW STATUS LIKE 'Ssl_cipher';")->fetchAll());

But I am getting this error:

SQLSTATE[HY000] [2026] SSL connection error: ASN: bad other signature confirmation

I can successfully establish an SSL connection using the mysql command:

mysql -u username -p -h mysql.myorganization.net --ssl-ca mysqlCertificates/caChain.pem

I also built PHP 5.4.4 from source and (without running make install) I ran

sapi/cli/php ~/Projects/test.php

and I get the following output:

array(1) {
  [0]=>
  array(4) {
    ["Variable_name"]=>
    string(10) "Ssl_cipher"
    [0]=>
    string(10) "Ssl_cipher"
    ["Value"]=>
    string(18) "DHE-RSA-AES256-SHA"
    [1]=>
    string(18) "DHE-RSA-AES256-SHA"
  }
}

I tried looking for anything in the php.ini files and my.cnf files to see if anything might be upsetting the connection but I am not really sure what I am looking for.

So my question is:

What could be causing this error to show up when php is run from /usr/bin/php but not when it is run from the sapi/cli/php in a build folder?

I realize my PHP is out of date but I am unable to update it until our next maintenance window, and I feel what I have done so far demonstrates it is not a version issue.

Upvotes: 8

Views: 5675

Answers (1)

Bizmate

Reputation: 1882

In your example you are not using the full path in the PDO connection string for your certificate:

PDO::MYSQL_ATTR_SSL_CA => 'mysqlCertificates/caChain.pem'

Could you try with the full path, just like below:

PDO::MYSQL_ATTR_SSL_CA => '/fullpath/to/mysqlCertificates/caChain.pem'

Upvotes: 4
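
The full-path suggestion from the answer above, written out as an added example (not code from the question or the answer): it resolves the CA bundle to an absolute path, fails closed if the file is missing, and confirms after connecting that the session is actually encrypted. The helper names `resolveCaFile()` and `connectWithTls()` are hypothetical, the host, database and credentials are the question's placeholders, and the example assumes the `mysqlCertificates` directory sits next to the script.

```php
<?php
// Added example. resolveCaFile() and connectWithTls() are hypothetical helpers;
// host, database and credentials are the placeholders used in the question.

function resolveCaFile($relative, $baseDir)
{
    // A relative path is resolved against the process's working directory,
    // which can differ between invocations; anchor it to a known base instead.
    // realpath() returns false when the file does not exist.
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $relative);
    if ($path === false || !is_readable($path)) {
        throw new RuntimeException("CA bundle not found or unreadable: $relative (base: $baseDir)");
    }
    if (strpos(file_get_contents($path), '-----BEGIN CERTIFICATE-----') === false) {
        throw new RuntimeException("No PEM certificate found in $path");
    }
    return $path;
}

function connectWithTls($dsn, $user, $pass, $caFile)
{
    $db = new PDO($dsn, $user, $pass, array(
        PDO::MYSQL_ATTR_SSL_CA => $caFile,
        PDO::ATTR_ERRMODE      => PDO::ERRMODE_EXCEPTION,
    ));

    // An empty Ssl_cipher means the session is in plaintext; refuse to use it.
    $row = $db->query("SHOW STATUS LIKE 'Ssl_cipher'")->fetch(PDO::FETCH_ASSOC);
    if (empty($row['Value'])) {
        throw new RuntimeException('Connection is not encrypted (Ssl_cipher is empty)');
    }
    return array($db, $row['Value']);
}

try {
    // Assumption: the certificate directory is located beside this script.
    $ca = resolveCaFile('mysqlCertificates/caChain.pem', __DIR__);
    list($db, $cipher) = connectWithTls(
        'mysql:host=mysql.myorganization.net;dbname=myDB', 'username', 'password', $ca
    );
    echo "CA file: $ca\nTLS cipher: $cipher\n";
} catch (Exception $e) {
    // PDOException and RuntimeException both land here; exit non-zero on failure.
    fwrite(STDERR, get_class($e) . ': ' . $e->getMessage() . "\n");
    exit(1);
}
```

Running this under both `/usr/bin/php` and `sapi/cli/php` prints the resolved CA path for each, so the two invocations can be compared directly.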
