
Is it possible to connect PHP PDO to remote MySQL with SSL but without client certificate?

If I understand this correctly, the remote MySQL server has a server certificate to authenticate to a client and encrypt the connection. The client can have a client certificate to authenticate to the server, but if I do not need to authenticate the client to the server, because I only need encryption, can I omit the client certificate when creating the PDO connection?

And what is the syntax for that? For example:
$con = new PDO('mysql:host=someHost;dbname=someDB;port=3306',$user,$pass);
Where do I specify that I want SSL but without a client certificate?

This is how I managed to connect with PDO:

$conn = new PDO('mysql:host=myServer;dbname=MyDb',
                $user,
                $pass,
                array(PDO::MYSQL_ATTR_SSL_CA     => '/etc/ssl/certs/anyOneOfTheMilionCertsFromHere.pem',
                      PDO::MYSQL_ATTR_SSL_CAPATH => '/etc/ssl/certs/')
              );

I do not know why, but it does not work if I do not specify a .pem file in "PDO::MYSQL_ATTR_SSL_CA"; it can be any .pem file, for example Deutsche_Telekom_Root_CA_2.pem, Baltimore_CyberTrust_Root.pem, ... it will work.

And this is how I managed to do it with MYSQLI, just elegantly telling it that I want SSL with the constant "MYSQLI_CLIENT_SSL", without specifying some random freaking .pem file:

$mi = mysqli_init();
$conn = mysqli_real_connect($mi, $server, $user, $pass, $db, 3306, NULL, MYSQLI_CLIENT_SSL) or die(mysqli_connect_error());

Can this be done with PDO (like normally) without explicitly specifying a .pem file?

Download the certificate from:

wget --no-check-certificate https://dl.cacerts.digicert.com/DigiCertGlobalRootCA.crt.pem

The PDO connection code looks like:

$options = array(
    PDO::MYSQL_ATTR_SSL_CA => '/path to crt file /DigiCertGlobalRootCA.crt.pem',
    PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false
);
$dsn = "mysql:host=$host;port=$port;dbname=$db_name";

try {
     $pdo = new \PDO($dsn, $username, $password, $options);
} catch (\PDOException $e) {
     throw new \PDOException($e->getMessage(), (int)$e->getCode());
}

The MySQL connection looks like:

//Initializes MySQLi
$conn = mysqli_init();

mysqli_ssl_set($conn,NULL,NULL, "/path to crt file /DigiCertGlobalRootCA.crt.pem", NULL, NULL);
mysqli_real_connect($conn, $host, $username, $password, $db_name, $port, NULL, MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT);

//OR//
mysqli_real_connect($conn, $host, $username, $password, $db_name, 3306, NULL, MYSQLI_CLIENT_SSL);


//If connection failed, show the error
if (mysqli_connect_errno())
{
    die('Failed to connect to MySQL: '.mysqli_connect_error());
}
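
A variant of the PDO connection that sends no client certificate but keeps server-certificate verification enabled, then confirms from the session status that TLS was actually negotiated. This is an added example, not code from the original posts; the function name, host name, CA file path and environment variable names are assumptions.

```php
<?php
declare(strict_types=1);

/**
 * Open a PDO MySQL connection that is encrypted and verifies the server
 * certificate against a CA file, without any client certificate or key.
 * connectVerifiedTls() is a hypothetical helper name used for this example.
 */
function connectVerifiedTls(string $dsn, string $user, string $pass, string $caFile): PDO
{
    if (!is_readable($caFile)) {
        throw new RuntimeException("CA file not readable: $caFile");
    }

    $options = [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        // CA that issued the server certificate. MYSQL_ATTR_SSL_KEY and
        // MYSQL_ATTR_SSL_CERT are left unset: no client certificate is sent.
        PDO::MYSQL_ATTR_SSL_CA => $caFile,
        // With verification on, a server certificate that does not chain to
        // $caFile or does not match the host makes the connection fail.
        PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => true,
    ];

    $pdo = new PDO($dsn, $user, $pass, $options);

    // Ssl_cipher is empty when the session is not encrypted.
    $row = $pdo->query("SHOW SESSION STATUS LIKE 'Ssl_cipher'")->fetch(PDO::FETCH_ASSOC);
    if (empty($row['Value'])) {
        throw new RuntimeException('Connection is not encrypted (Ssl_cipher is empty)');
    }
    return $pdo;
}

// Constructed sample values (assumptions, not taken from the posts above).
try {
    $pdo = connectVerifiedTls(
        'mysql:host=db.example.com;port=3306;dbname=someDB',
        getenv('DB_USER') ?: 'app',
        getenv('DB_PASS') ?: '',
        '/etc/ssl/certs/my-mysql-ca.pem'
    );
    $ver = $pdo->query("SHOW SESSION STATUS LIKE 'Ssl_version'")->fetch(PDO::FETCH_ASSOC);
    echo "TLS session established: {$ver['Value']}\n";
} catch (Throwable $e) {
    fwrite(STDERR, 'Connect failed: ' . $e->getMessage() . "\n");
    exit(1);
}
```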
