If i understand this correctly remote MySQL server has server certificate to authenticate to a client and encrypt the connection. And client can have client certificate to authenticate to the server, but if i do not need to authenticate client to the server, because i only need encryption, can i omit client certificate when crating PDO connection.
And what is the syntax for that, for example $con = new PDO('mysql:host=someHost;dbname=someDB;port=3306',$user,$pass);
Where to specify that i want SSL but without client certificate
This is how i managed to conect with PDO
$conn = new PDO('mysql:host=myServer;dbname=MyDb',
$user,
$pass,
array(PDO::MYSQL_ATTR_SSL_CA => '/etc/ssl/certs/anyOneOfTheMilionCertsFromHere.pem',
PDO::MYSQL_ATTR_SSL_CAPATH => '/etc/ssl/certs/')
);
I do not know whay but it does not work if i do not specify .pem file in "PDO::MYSQL_ATTR_SSL_CA", it can be any .pem file for example Deutsche_Telekom_Root_CA_2.pem, Baltimore_CyberTrust_Root.pem, ... it will work.
And this is how i managed to do it with the MYSQLI, just elegantly telling it that i whant SSL with constant "MYSQLI_CLIENT_SSL", without specifying some random friking .pem file
$mi = mysqli_init();
$conn = mysqli_real_connect($mi, $server, $user, $pass, $db, 3306, NULL, MYSQLI_CLIENT_SSL) or die(mysqli_connect_error());
Can this be done with PDO(like normaly) without explicitly specifying .pem file?
Download certificate from
wget --no-check-certificate https://dl.cacerts.digicert.com/DigiCertGlobalRootCA.crt.pem
pdo connection code looks like
$options = array(
PDO::MYSQL_ATTR_SSL_CA => '/path to crt file /DigiCertGlobalRootCA.crt.pem',
PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false
);
$dsn = "mysql:host=$host;port=$port;dbname=$db_name";
try {
$pdo = new \PDO($dsn, $username, $password, $options);
} catch (\PDOException $e) {
throw new \PDOException($e->getMessage(), (int)$e->getCode());
}
mysql connection looks like
//Initializes MySQLi
$conn = mysqli_init();
mysqli_ssl_set($conn,NULL,NULL, "/path to crt file /DigiCertGlobalRootCA.crt.pem", NULL, NULL);
mysqli_real_connect($conn, $host, $username, $password, $db_name, $port, NULL, MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT);
//OR//
mysqli_real_connect($conn, $host, $username, $password, $db_name, 3306, NULL, MYSQLI_CLIENT_SSL);
//If connection failed, show the error
if (mysqli_connect_errno())
{
die('Failed to connect to MySQL: '.mysqli_connect_error());
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.