PHP PDO SSL MySQL连接失败
[英]PHP PDO SSL MySQL connection fails
问题描述
I'm trying to develop a PHP application which connects to a MySQL server using SSL. 
我正在尝试开发一个使用SSL连接到MySQL服务器的PHP应用程序。 I tried using mysql_connect and works fine, but with PDO it does not. 我尝试使用mysql_connect并可以正常工作,但使用PDO却不能。 When I try to connect I get the following error: 当我尝试连接时,出现以下错误:
PDO::__construct(): this stream does not support SSL/crypto
What looks strange is that if I tweak cert paths (to point to non existent files) I get the same error! 看起来很奇怪的是,如果我调整证书路径(指向不存在的文件),则会遇到相同的错误!
I'm using php 5.3.10 on Debian Squeeze, the following packages are installed: 我在Debian Squeeze上使用php 5.3.10,安装了以下软件包:
php5-cgi
php5-cli
php5-common
php5-fpm
php5-gd
php5-mcrypt
php5-mysql
php5-suhosin
Any idea? 任何的想法? thanks 谢谢
2 个解决方案
解决方案1
1 2015-06-12 14:57:26
You need php-mysql removed and php-mysqlnd installed. 您需要删除php-mysql并安装php-mysqlnd。 On Centos: 在Centos上:
sudo yum remove php-mysql
sudo yum install php-mysqlnd
sudo yum reboot
Ubuntu/Debian Ubuntu / Debian的
sudo apt-get remove php5-mysql
sudo apt-get install php5-mysqlnd
sudo reboot
mysqli procedural: mysqli程序:
$con=mysqli_init();
if (!$con)
{
die("mysqli_init failed");
}
mysqli_ssl_set($con,'/ssl/client-key.pem','/ssl/client-cert.pem', '/ssl/ca.pem',NULL,NULL);
if (!mysqli_real_connect($con,'xx.xxx.xxx.xxx', 'user', 'pass' ,'dbname'))
{
die("Connect Error: " . mysqli_connect_error());
}
mysqli_close($con);
?>
PDO PDO
$ssl = array(
PDO::MYSQL_ATTR_SSL_KEY =>'/ssl/client-key.pem',
PDO::MYSQL_ATTR_SSL_CERT=>'/ssl/client-cert.pem',
PDO::MYSQL_ATTR_SSL_CA =>'/ssl/ca.pem'
);
try {
$dbl = new PDO("mysql:host=$host;dbname=$database", $user, $password, $ssl);
$dbl->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch(PDOException $e) {
echo $e->getMessage();
die;
}
Your certs paths must be correct. 您的证书路径必须正确。 Try this in your SSL to ensure the files are there: 在SSL中尝试此操作,以确保文件在那里:
if(file_exists('/ssl/client-key.pem') && file_exists('/ssl/client-cert.pem') && file_exists('/ssl/ca.pem')) echo 'file exists';
The remote host (database server) must also have SSL enabled. 远程主机(数据库服务器)还必须启用SSL。 Run the query 运行查询
SHOW VARIABLES LIKE '%ssl%';
OUTPUT: 输出:
+---------------+----------------------+
| Variable_name | Value |
+---------------+----------------------+
| have_openssl | YES |
| have_ssl | YES |
| ssl_ca | /ssl/ca.pem |
| ssl_capath | |
| ssl_cert | /ssl/server-cert.pem |
| ssl_cipher | DHE-RSA-AES256-SHA |
| ssl_key | /ssl/server-key.pem |
+---------------+----------------------+
If it's disabled, it will not work. 如果禁用,它将无法正常工作。 Your /etc/my.cnf (or where your my.cnf is located) must contain: 您的/etc/my.cnf(或my.cnf所在的位置)必须包含:
ssl-ca=/ssl/ca.pem
ssl-cert=/ssl/server-cert.pem
ssl-key=/ssl/server-key.pem
ssl-cipher=DHE-RSA-AES256-SHA
MySQL Resource to generate keys: http://dev.mysql.com/doc/refman/5.0/en/creating-ssl-files-using-openssl.html 生成密钥的MySQL资源: http : //dev.mysql.com/doc/refman/5.0/en/creating-ssl-files-using-openssl.html
Lastly, the DHE cipher is not considered safe anymore. 最后,DHE密码不再被认为是安全的。 Ciphers are continually being broke, so you'll have to find out which are considered secure today. 密码一直在被破坏,因此您必须找出今天被认为安全的密码。
解决方案2
1 2012-02-24 14:07:40
Your list of modules doesn't include include openssl 您的模块列表不包括include openssl
You can check the compiled in modules with php -m . 您可以使用php -m检查编译的模块。 And you can check all modules loaded at runtime by running php -a then executing var_dump(get_loaded_extensions()); 您可以通过运行php -a然后执行var_dump(get_loaded_extensions());来检查运行时加载的所有模块var_dump(get_loaded_extensions());
You will need this to be either compiled in, or loaded as an extension in order to use SSL connectivity. 您需要将其编译或作为扩展加载,以使用SSL连接。
If the extension exists on disk (check your php extensions directory - location in php.ini ) then also check your php.ini for the line extension=php_openssl.so and make sure it is not commented out. 如果磁盘上存在扩展(检查你的php扩展目录-在位置php.ini ),那么也请检查您php.ini的线路extension=php_openssl.so并确保它没有被注释掉。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.