
How does SSL support in PHP PDO (MySQL) work?

I'm familiar with the public/private key negotiation implemented in HTTPS, which is why I am confused by the following driver options that are apparently available (though not officially documented) for PDO's MySQL driver:

PDO::MYSQL_ATTR_SSL_KEY
PDO::MYSQL_ATTR_SSL_CERT
PDO::MYSQL_ATTR_SSL_CA

The link suggests they point to files stored locally - yet why would a copy of anything besides the CA certificate be stored on the client? Has anyone successfully made an encrypted connection using this method?

This pertains to client certificates that the client must have in order to be able to connect to the server, i.e. that the client must verify its identity (yes, SSL can work the other way around as well). Start by reading the general section Using SSL for Secure Connections, then see the REQUIRE clauses in the GRANT syntax:

  • REQUIRE X509 means that the client must have a valid certificate but that the exact certificate, issuer, and subject do not matter. The only requirement is that it should be possible to verify its signature with one of the CA certificates.

  • REQUIRE ISSUER 'issuer' places the restriction on connection attempts that the client must present a valid X509 certificate issued by CA 'issuer'. If the client presents a certificate that is valid but has a different issuer, the server rejects the connection. Use of X509 certificates always implies encryption, so the SSL option is unnecessary in this case.

  • ...
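
The client-certificate setup described in the answer above, as an added example that is not part of the original question or answer: the CA file verifies the server, while the certificate and key are what the client presents to an account created with REQUIRE X509. The file paths, host name, account name, the DB_PASS environment variable and the use of PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT (not mentioned on the page) are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical paths; the server account is assumed to carry REQUIRE X509.
const CA_FILE   = '/etc/mysql-client/ca.pem';          // verifies the server's certificate
const CERT_FILE = '/etc/mysql-client/client-cert.pem'; // public certificate the client presents
const KEY_FILE  = '/etc/mysql-client/client-key.pem';  // private key proving ownership of that certificate

function connectWithClientCert(string $dsn, string $user, string $pass): PDO
{
    foreach ([CA_FILE, CERT_FILE, KEY_FILE] as $file) {
        if (!is_readable($file)) {
            throw new RuntimeException("TLS file missing or unreadable: $file");
        }
    }
    // The private key is the client's identity: refuse group/world-accessible key files.
    if ((fileperms(KEY_FILE) & 0077) !== 0) {
        throw new RuntimeException('Client key is accessible to group/other; restrict it to the owner');
    }

    $pdo = new PDO($dsn, $user, $pass, [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::MYSQL_ATTR_SSL_CA     => CA_FILE,
        PDO::MYSQL_ATTR_SSL_CERT   => CERT_FILE,
        PDO::MYSQL_ATTR_SSL_KEY    => KEY_FILE,
        // Available in newer PHP 7 releases with mysqlnd; keeps server verification on.
        PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => true,
    ]);

    // Fail closed if the session ended up unencrypted: Ssl_cipher is empty without TLS.
    $row = $pdo->query("SHOW SESSION STATUS LIKE 'Ssl_cipher'")->fetch(PDO::FETCH_ASSOC);
    if (empty($row['Value'])) {
        throw new RuntimeException('Connection is not using TLS');
    }
    return $pdo;
}

// Hypothetical host, database and account names.
$pdo = connectWithClientCert(
    'mysql:host=db.example.internal;dbname=app',
    'app',
    getenv('DB_PASS') ?: ''
);
```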
