Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

PHP: PDO(MySQL) SSL Connection

Tags:

php

mysql

ssl

pdo

I am trying to establish an SSL connection to a MySQL server using the following code (On Debian GNU/Linux 7 (wheezy) with PHP 5.4.4):

$db = new PDO('mysql:host=mysql.myorganization.net;dbname=myDB',
     'username', 'password', array(
        PDO::MYSQL_ATTR_SSL_CA => 'mysqlCertificates/caChain.pem'
));

var_dump($db->query("SHOW STATUS LIKE 'Ssl_cipher';")->fetchAll());

But I am getting this error:

SQLSTATE[HY000] [2026] SSL connection error: ASN: bad other signature confirmation

I can successfully establish an SSL connection using the mysql command:

mysql -u username -p -h mysql.myorganizataion.net --ssl-ca mysqlCertificates/caChain.pem

I also built PHP 5.4.4 from source and (without running make install) I ran

sapi/cli/php ~/Projects/test.php

and I get the following output

array(1) {
  [0]=>
  array(4) {
    ["Variable_name"]=>
    string(10) "Ssl_cipher"
    [0]=>
    string(10) "Ssl_cipher"
    ["Value"]=>
    string(18) "DHE-RSA-AES256-SHA"
    [1]=>
    string(18) "DHE-RSA-AES256-SHA"
  }
}

I tried looking for anything in the php.ini files and my.cnf files to see if anything might be upsetting the connection but I am not really sure what I am looking for.

So my question is:

What could be causing this error to show up when php is run from /usr/bin/php but not when it is run from the sapi/cli/php in a build folder?

I realize my PHP is out of date but I am unable to update it until our next maintenance window, and I feel what I have done so far demonstrates it is not a version issue.

like image 991
InfernoTK Avatar asked Apr 14 '15 18:04

InfernoTK


People also ask

How to connect to a MySQL database from PHP PDO?

SQLSTATE [HY000] [2002] php_network_getaddresses: getaddrinfo failed: No such host is known. Enable the PDO_MYSQL driver in the php.ini file for connecting to a MySQL database from PHP PDO. Create an instance of the PDO class to make a connection to a MySQL database.

What is the difference between mysqli and PDO?

Both MySQLi and PDO have their advantages: PDO will work on 12 different database systems, whereas MySQLi will only work with MySQL databases. So, if you have to switch your project to use another database, PDO makes the process easy. You only have to change the connection string and a few queries.

How do I check if PDO_MySQL driver is enabled?

PDO uses the PDO_MYSQL driver to connect to a MySQL database. To check if the PDO_MYSQL driver is enabled, you open the php.ini file. The php.ini file is often located under the php directory. For example, you can find the php.ini file under the C:\xampp\php directory if you use XAMPP on Windows.

What is PDO_MySQL in MySQL?

MySQL Functions (PDO_MYSQL) Introduction. PDO_MYSQL is a driver that implements the PHP Data Objects (PDO) interface to enable access from PHP to MySQL databases.


1 Answers

In your example your are not using the full path in the PDO connection string for your certificate:

PDO::MYSQL_ATTR_SSL_CA => 'mysqlCertificates/caChain.pem'

Could you try with the full path just like below

PDO::MYSQL_ATTR_SSL_CA => '/fullpath/to/mysqlCertificates/caChain.pem'

like image 163
Bizmate Avatar answered Oct 12 '22 03:10

Bizmate