PHP ODBC 无法使用 Openssl 1.1.1 连接到 SQL Server 2012
[英]PHP ODBC can't connect to SQL Server 2012 with Openssl 1.1.1
问题描述
I've seen parts of this question asked around a few times, but nothing has worked for me yet.
我已经看到这个问题的一部分被问了几次,但对我来说还没有任何效果。
I have an SQL Server 2012 instance running on a Windows server.我有一个在 Windows 服务器上运行的 SQL Server 2012 实例。 On my Ubuntu 20.10 server, I am running PHP 7.4.12 on an apache server.在我的 Ubuntu 20.10 服务器上,我在 apache 服务器上运行 PHP 7.4.12。 I have openssl version 1.1.1 installed.我安装了 openssl 1.1.1 版。
I followed most of the instructions found in the microsoft docs:我遵循了微软文档中的大部分说明:
https://docs.microsoft.com/en-us/sql/connect/php/installation-tutorial-linux-mac?view=sql-server-ver15#installing-the-drivers-on-ubuntu-1604-1804-and-2004
but ran into some issues when downloading the msodbcsql17 driver.但是在下载 msodbcsql17 驱动程序时遇到了一些问题。 I had to download it from here instead:我不得不从这里下载它:
https://packages.microsoft.com/ubuntu/20.04/prod/pool/main/m/msodbcsql17/
My PHP script:我的 PHP 脚本:
<?php
try {
// Sensitive info is replaced by temporary strings.
$serverName = "<ip_addr>,<port>";
$options = array("Database" => "<db_name>", "UID" => "<user_name>", "PWD" => "<password>");
$conn = sqlsrv_connect($serverName, $options);
if ($conn == false) {
var_dump(sqlsrv_errors());
die();
}
} catch(Exception $e) {
echo("Error!");
}
Here is the error printed out from the var_dump(sqlsrv_errors());这是从var_dump(sqlsrv_errors());打印出来的错误var_dump(sqlsrv_errors()); in the code above:在上面的代码中:
array(2) {
[0]=>
array(6) {
[0]=>
string(5) "08001"
["SQLSTATE"]=>
string(5) "08001"
[1]=>
int(10054)
["code"]=>
int(10054)
[2]=>
string(73) "[Microsoft][ODBC Driver 17 for SQL Server]TCP Provider: Error code 0x2746"
["message"]=>
string(73) "[Microsoft][ODBC Driver 17 for SQL Server]TCP Provider: Error code 0x2746"
}
[1]=>
array(6) {
[0]=>
string(5) "08001"
["SQLSTATE"]=>
string(5) "08001"
[1]=>
int(10054)
["code"]=>
int(10054)
[2]=>
string(79) "[Microsoft][ODBC Driver 17 for SQL Server]Client unable to establish connection"
["message"]=>
string(79) "[Microsoft][ODBC Driver 17 for SQL Server]Client unable to establish connection"
}
}
I saw this potential solution here: https://github.com/microsoft/msphpsql/issues/1021#issuecomment-520943561 but there is no line CipherString = DEFAULT@SECLEVEL-2 in the /etc/ssl/openssl.cnf file as the answer states.我在这里看到了这个潜在的解决方案: https : //github.com/microsoft/msphpsql/issues/1021#issuecomment-520943561但/etc/ssl/openssl.cnf文件中没有一行CipherString = DEFAULT@SECLEVEL-2答案指出。 I tried adding CipherString = DEFAULT@SECLEVEL=1 to the end of the file anyway, but nothing changed.无论如何,我尝试将CipherString = DEFAULT@SECLEVEL=1到文件末尾,但没有任何改变。
What can I do to fix this error in the connection?我能做些什么来修复连接中的这个错误? Is the only other option to downgrade openssl versions?是降级 openssl 版本的唯一其他选择吗? I've read that it can break many packages and cause issues down the line.我读过它可以破坏许多软件包并导致问题。 I can't take the SQL Server offline to upgrade to a newer SQL version either.我也无法将 SQL Server 脱机升级到更新的 SQL 版本。
I have made sure that the SQL Server is accepting remote connections as I can make an ODBC connection to the SQL Server from another machine using Crystal Reports.我已确保 SQL Server 接受远程连接,因为我可以使用 Crystal Reports 从另一台计算机建立到 SQL Server 的 ODBC 连接。
EDIT: openssl command results编辑:openssl 命令结果
Here are the results which printed immediately after running:以下是运行后立即打印的结果:
openssl s_client -host <ip_addr> -port <port> -tls1
CONNECTED(00000003)
139710250579264:error:141E70BF:SSL routines:tls_construct_client_hello:no protoc ols available:../ssl/statem/statem_clnt.c:1112:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 7 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
Here are the results after running:下面是运行后的结果:
openssl s_client -host <ip_addr> -port <port> -tls1_2
and it stayed open for a while and then finally after not entering anything it printed this:它保持打开状态一段时间,最后在没有输入任何内容后,它打印了以下内容:
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 188 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1605916005
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no
---
1 个解决方案
解决方案1
1 2021-03-30 13:20:48
This is a bit late now.现在有点晚了。 Try MinProtocol = TLSv1.0 in /etc/ssl/openssl.cnf .在/etc/ssl/openssl.cnf尝试MinProtocol = TLSv1.0 。 This works fine for me ( https://github.com/microsoft/msphpsql/issues/1023#issuecomment-523214695 )这对我来说很好( https://github.com/microsoft/msphpsql/issues/1023#issuecomment-523214695 )
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.