从 PHP 使用 SSL 连接到远程 MySQL 服务器
[英]Connect to remote MySQL server with SSL from PHP
问题描述
I'm trying to connect to remote MySQL server with SSL from PHP using mysql_connect:
我正在尝试使用 mysql_connect 从 PHP 连接到带有 SSL 的远程 MySQL 服务器:
$link = mysql_connect(
"ip",
"user",
"pass",
true,
MYSQL_CLIENT_SSL
)
And get worst error ever:并得到有史以来最严重的错误:
SSL connection error
I've added following params into my.cnf:我在 my.cnf 中添加了以下参数:
[client]
ssl-ca =/etc/mysql/ssl/ca-cert.pm
ssl-cert =/etc/mysql/ssl/client-cert.pem
ssl-key =/etc/mysql/ssl/client-key.pem
So I can connect to remote mysql successfully from terminal just using所以我可以从终端成功连接到远程 mysql 只需使用
#mysql -h ip -u user -p
So connection to mysql server do work and as far as I understand problem is in php/mysql cooperation.所以连接到 mysql 服务器确实有效,据我所知问题出在 php/mysql 合作中。 Probably I'm missing some params.可能我缺少一些参数。
Unfortunately I can't use mysqli lib because have too many working adapters for pdo_mysql.不幸的是,我无法使用 mysqli lib,因为 pdo_mysql 的工作适配器太多。
My PHP Version is 5.3.6-13ubuntu3.6 MySQL version is 5.1.61我的 PHP 版本是 5.3.6-13ubuntu3.6 MySQL 版本是 5.1.61
Also I've added我也添加了
mssql.secure_connection = On
to my php.ini到我的 php.ini
Help will be appreciated!帮助将不胜感激!
3 个解决方案
解决方案1
41 已采纳 2012-03-19 10:44:44
"Unfortunately I can't use mysqli lib because have too many working adapters for pdo_mysql."
You're using the old MySQL extension ("mysql_connect"), which is no longer under development ( maintenance only ).您正在使用旧的 MySQL 扩展(“mysql_connect”),它不再处于开发阶段(仅限维护)。 Since you're using PHP 5, you may want to use MySQLi , the MySQL Improved Extension.由于您使用的是 PHP 5,您可能需要使用MySQLi ,即 MySQL改进的扩展。 Among other things, it has an object-oriented interface, support for prepared/multiple statements and has enhanced debugging capabilities.除其他外,它具有面向对象的接口,支持准备/多语句并增强了调试功能。 You can read more about converting to MySQLi here ;您可以在此处阅读有关转换为 MySQLi 的更多信息; more about the mysqli class itself here .更多关于 mysqli 类本身在这里。
Here is some sample code that may help you get started:以下是一些可以帮助您入门的示例代码:
<?php
ini_set ('error_reporting', E_ALL);
ini_set ('display_errors', '1');
error_reporting (E_ALL|E_STRICT);
$db = mysqli_init();
mysqli_options ($db, MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, true);
$db->ssl_set('/etc/mysql/ssl/client-key.pem', '/etc/mysql/ssl/client-cert.pem', '/etc/mysql/ssl/ca-cert.pem', NULL, NULL);
$link = mysqli_real_connect ($db, 'ip', 'user', 'pass', 'db', 3306, NULL, MYSQLI_CLIENT_SSL);
if (!$link)
{
die ('Connect error (' . mysqli_connect_errno() . '): ' . mysqli_connect_error() . "\n");
} else {
$res = $db->query('SHOW TABLES;');
print_r ($res);
$db->close();
}
?>
If PDO_MYSQL is really what you want, then you need to do something like this:如果PDO_MYSQL真的是你想要的,那么你需要做这样的事情:
<?php
$pdo = new PDO('mysql:host=ip;dbname=db', 'user', 'pass', array(
PDO::MYSQL_ATTR_SSL_KEY =>'/etc/mysql/ssl/client-key.pem',
PDO::MYSQL_ATTR_SSL_CERT=>'/etc/mysql/ssl/client-cert.pem',
PDO::MYSQL_ATTR_SSL_CA =>'/etc/mysql/ssl/ca-cert.pem'
)
);
$statement = $pdo->query("SHOW TABLES;");
$row = $statement->fetch(PDO::FETCH_ASSOC);
echo htmlentities($row['_message']);
?>
However, only recent versions of PHP have SSL support for PDO, and SSL options are silently ignored in (at least) version 5.3.8: see the bug report .但是,只有最新版本的 PHP 对 PDO 提供 SSL 支持,并且(至少)版本 5.3.8 中会默默忽略 SSL 选项:请参阅错误报告。
Good luck!祝你好运!
解决方案2
0 2020-01-11 08:26:15
if your using PHP 7.3 and AWS PEM file , Use below code to connect DB with ssl如果您使用 PHP 7.3 和 AWS PEM 文件,请使用以下代码将 DB 与 ssl 连接
UR AWS PEM FILE PATH =/home/cert/rds2019.pem
$mysqli = mysqli_init();
$mysqli->ssl_set(NULL,NULL,'UR AWS PEM FILE PATH',NULL,'DHE-RSA-AES256-SHA');
$mysqli->options(MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, true);
$mysqli->real_connect($dbHostName, $dbUserName, $dbPassword, $dataBaseName,PORT,NULL, MYSQLI_CLIENT_SSL);
return $mysqli;返回 $mysqli;
For PDO Connection用于 PDO 连接
$pdo = new PDO('mysql:host='.$dbHostName.';dbname='.$dataBaseName.'', $dbUserName, $dbPassword, array(
//PDO::MYSQL_ATTR_SSL_KEY =>NULL,
//PDO::MYSQL_ATTR_SSL_CERT=>NULL,
PDO::MYSQL_ATTR_SSL_CA =>'UR AWS PEM FILE PATH',
PDO::MYSQL_ATTR_SSL_CAPATH =>NULL,
PDO::MYSQL_ATTR_SSL_CIPHER =>'DHE-RSA-AES256-SHA',
PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false
)
);
return $pdo;
解决方案3
0 2012-03-16 14:20:57
Change [client] header to [mysqld] .将[client]标头更改为[mysqld] 。 You need to setup server side certificates there, not client side.您需要在那里设置服务器端证书,而不是客户端。
See a full example from MySQL documentation.请参阅 MySQL 文档中的完整示例。
Also, see this similar question: PHP to MySQL SSL Connections另外,请参阅这个类似的问题: PHP to MySQL SSL Connections
Server certificates allow the server to respond to SSL requests, and they don't require the client to have a certificate.服务器证书允许服务器响应 SSL 请求,并且不需要客户端拥有证书。 Any time you connect to a web site via HTTPS, you are using the server's certificates to verify that you are connecting to the correct server, and you are using the certificate's public key for encryption.任何时候您通过 HTTPS 连接到网站时,您都是在使用服务器的证书来验证您是否连接到了正确的服务器,并且您正在使用证书的公钥进行加密。
Client certificates allow a server to authenticate the client.客户端证书允许服务器对客户端进行身份验证。
In your case, you want server certificates.在您的情况下,您需要服务器证书。 You want to install the certificates on the server (MySQL), and the client (PHP) will be able to authenticate the server and use the certificate's public key for setting up encryption.您想在服务器 (MySQL) 上安装证书,客户端 (PHP) 将能够对服务器进行身份验证并使用证书的公钥来设置加密。 Client certificates are fairly rare.客户端证书相当少见。
If you do wish to utilize client certificates, you must use mysqli or PDO .如果您确实希望使用客户端证书,则必须使用mysqli或PDO 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.