stackoom
  简体   繁体   中英

Connect to remote MySQL server with SSL from PHP

 原文  2012-03-16 14:05:31       php/ mysql/ ssl

Question

I'm trying to connect to remote MySQL server with SSL from PHP using mysql_connect:

$link = mysql_connect(
    "ip",
    "user",
    "pass",
    true,
    MYSQL_CLIENT_SSL
)

And get worst error ever:

SSL connection error

I've added following params into my.cnf:

[client]
ssl-ca      =/etc/mysql/ssl/ca-cert.pm
ssl-cert    =/etc/mysql/ssl/client-cert.pem
ssl-key     =/etc/mysql/ssl/client-key.pem

So I can connect to remote mysql successfully from terminal just using

#mysql -h ip -u user -p

So connection to mysql server do work and as far as I understand problem is in php/mysql cooperation. Probably I'm missing some params.

Unfortunately I can't use mysqli lib because have too many working adapters for pdo_mysql.

My PHP Version is 5.3.6-13ubuntu3.6 MySQL version is 5.1.61

Also I've added

mssql.secure_connection = On

to my php.ini

Help will be appreciated!

3 answers

solution1
 41 ACCPTED  2012-03-19 10:44:44

"Unfortunately I can't use mysqli lib because have too many working adapters for pdo_mysql."

You're using the old MySQL extension ("mysql_connect"), which is no longer under development ( maintenance only ). Since you're using PHP 5, you may want to use MySQLi , the MySQL Improved Extension. Among other things, it has an object-oriented interface, support for prepared/multiple statements and has enhanced debugging capabilities. You can read more about converting to MySQLi here ; more about the mysqli class itself here .

Here is some sample code that may help you get started:

<?php
ini_set ('error_reporting', E_ALL);
ini_set ('display_errors', '1');
error_reporting (E_ALL|E_STRICT);

$db = mysqli_init();
mysqli_options ($db, MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, true);

$db->ssl_set('/etc/mysql/ssl/client-key.pem', '/etc/mysql/ssl/client-cert.pem', '/etc/mysql/ssl/ca-cert.pem', NULL, NULL);
$link = mysqli_real_connect ($db, 'ip', 'user', 'pass', 'db', 3306, NULL, MYSQLI_CLIENT_SSL);
if (!$link)
{
    die ('Connect error (' . mysqli_connect_errno() . '): ' . mysqli_connect_error() . "\n");
} else {
    $res = $db->query('SHOW TABLES;');
    print_r ($res);
    $db->close();
}
?>

If PDO_MYSQL is really what you want, then you need to do something like this:

<?php
$pdo = new PDO('mysql:host=ip;dbname=db', 'user', 'pass', array(
    PDO::MYSQL_ATTR_SSL_KEY    =>'/etc/mysql/ssl/client-key.pem',
    PDO::MYSQL_ATTR_SSL_CERT=>'/etc/mysql/ssl/client-cert.pem',
    PDO::MYSQL_ATTR_SSL_CA    =>'/etc/mysql/ssl/ca-cert.pem'
    )
);
$statement = $pdo->query("SHOW TABLES;");
$row = $statement->fetch(PDO::FETCH_ASSOC);
echo htmlentities($row['_message']);
?>

However, only recent versions of PHP have SSL support for PDO, and SSL options are silently ignored in (at least) version 5.3.8: see the bug report .

Good luck!

solution2
 0  2020-01-11 08:26:15

if your using PHP 7.3 and AWS PEM file , Use below code to connect DB with ssl

UR AWS PEM FILE PATH =/home/cert/rds2019.pem
$mysqli = mysqli_init();
$mysqli->ssl_set(NULL,NULL,'UR AWS PEM FILE PATH',NULL,'DHE-RSA-AES256-SHA');
$mysqli->options(MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, true);
$mysqli->real_connect($dbHostName, $dbUserName, $dbPassword, $dataBaseName,PORT,NULL, MYSQLI_CLIENT_SSL);

return $mysqli;

For PDO Connection

$pdo = new PDO('mysql:host='.$dbHostName.';dbname='.$dataBaseName.'', $dbUserName, $dbPassword, array(
            //PDO::MYSQL_ATTR_SSL_KEY    =>NULL,

            //PDO::MYSQL_ATTR_SSL_CERT=>NULL,

            PDO::MYSQL_ATTR_SSL_CA    =>'UR AWS PEM FILE PATH',
            PDO::MYSQL_ATTR_SSL_CAPATH    =>NULL,
            PDO::MYSQL_ATTR_SSL_CIPHER    =>'DHE-RSA-AES256-SHA',
            PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false
            )
        );
return $pdo;

solution3
 0  2012-03-16 14:20:57

Change [client] header to [mysqld] . You need to setup server side certificates there, not client side.

See a full example from MySQL documentation.

Also, see this similar question: PHP to MySQL SSL Connections

Server certificates allow the server to respond to SSL requests, and they don't require the client to have a certificate. Any time you connect to a web site via HTTPS, you are using the server's certificates to verify that you are connecting to the correct server, and you are using the certificate's public key for encryption.

Client certificates allow a server to authenticate the client.

In your case, you want server certificates. You want to install the certificates on the server (MySQL), and the client (PHP) will be able to authenticate the server and use the certificate's public key for setting up encryption. Client certificates are fairly rare.

If you do wish to utilize client certificates, you must use mysqli or PDO .

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Not able to connect with remote MySQL server from another server in PHP PHP Mysql iis VPS - connect from remote server Can't connect to remote Mysql server from php PHP How to allow mysql to connect from remote server Connect to SQL Server Server with SSL from PHP Connect to a remote mysql server using PHP Is it possible to connect PHP PDO to remote MySQL with SSL but without client certificate Using SSL to connect to mySQL from PHP Using port forwarding and php with mysql_connect onto a remote server remote php mysql_connect to SQL server set up at home
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM