stackoom
  简体   繁体   中英

Cannot connect to Google Cloud MySQL using SSL with PDO on Google Compute

 原文  2016-02-19 23:06:50       mysql/ ssl/ pdo/ google-compute-engine

Question

Just figured this out and wanted to share.

I am able to connect to MySQL using SSL with the PHP PDO from my local machine. The same code fails when run from a Google Compute Engine instance. I know the certs and IP address are setup correctly because connecting via the MySQL command line client using SSL on the instance works perfectly.

MySQL command line works on Compute:

mysql --ssl-ca=server-ca.pem --ssl-cert=client-cert.pem --ssl-key=client-key.pem \\ --host=111.111.111.111 --user=someuser --password

PHP PDO does not work on Compute: 

<?php
new PDO ('mysql:host=111.111.111.111;port=3306;dbname=mydatabase', 
          'someuser', 
          'somepassword,
          array(
             PDO::MYSQL_ATTR_SSL_KEY => '/somedir/ssl/client-key.pem',
             PDO::MYSQL_ATTR_SSL_CERT => '/somedir/ssl/client-cert.pem',
             PDO::MYSQL_ATTR_SSL_CA => '/somedir/ssl/ca-cert.pem'
            )
        );

PDO gives this error on Compute:

PHP Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[HY000] [2026] SSL connection error: ASN: bad other signature confirmation'

2 answers

solution1
 0  2016-02-19 23:06:50

Remove the CA cert from the PDO connection. Remove this key/value from the array:

PDO::MYSQL_ATTR_SSL_CA => '/somedir/ssl/ca-cert.pem'

Like so: 

<?php
new PDO ('mysql:host=111.111.111.111;port=3306;dbname=mydatabase', 
          'someuser', 
          'somepassword,
          array(
             PDO::MYSQL_ATTR_SSL_KEY => '/somedir/ssl/client-key.pem',
             PDO::MYSQL_ATTR_SSL_CERT => '/somedir/ssl/client-cert.pem'
            )
        );

PDO with SSL will silently fail back to an insecure connection under certain conditions. To test that SSL is working run this query on the connection: 

SHOW STATUS LIKE 'Ssl_cipher';

It should return something like: 

 Ssl_cipher => DHE-RSA-AES256-SHA

Otherwise the it will return an empty value.

solution2
 0  2018-07-28 04:27:51

Just add one more PDO attribute (as per comments by Desislav Kamenov in http://php.net/manual/en/ref.pdo-mysql.php ) into your array so that your PDO becomes ... 

new PDO ('mysql:host=111.111.111.111;port=3306;dbname=mydatabase',
      'someuser',
      'somepassword',
      array(
         PDO::MYSQL_ATTR_SSL_KEY => '/somedir/ssl/client-key.pem',
         PDO::MYSQL_ATTR_SSL_CERT => '/somedir/ssl/client-cert.pem',
         PDO::MYSQL_ATTR_SSL_CA => '/somedir/ssl/ca-cert.pem',
         PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false
      )
    );

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Cannot connect to Google Cloud SQL through Google App Engine with Pdo_Mysql in ZF2 Unable to connect to Google Cloud SQL using PDO Cannot connect to Google Cloud SQL using SSL + Golang from Google App Engine Cannot connect Google Cloud SQL in MySql Workbench Connect to MySQL instance on Google Cloud Compute Engine VM from Cloud Run PHP Unable to Connect to Google Cloud MySQL using Google App Engine Cannot connect to Google Cloud SQL (MySQL) - No settings changed Connect to Google Cloud MySQL Database How to connect to Google Cloud SQL by SSL? Remotely connect to MySQL on Google Compute Engine VM
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM