Hi,
it's pretty simple, once you have a MySQL server running with enabled SSL. You can use the following three files to set your MySQL
http://hristov.com/mysql_certs/server-key.pem
http://hristov.com/mysql_certs/server-cert.pem
http://hristov.com/mysql_certs/cacert.pem
[mysqld]
ssl-capath=/path/to/certs
ssl-ca=/path/to/certs/cacert.pem
ssl-cert=/path/to/certs/server-cert.pem
ssl-key=/path/to/certs/server-key.pem

Then on the client side :
./php -r '$flags=MYSQLI_CLIENT_SSL; $c = mysqli_init(); $c->real_connect("127.0.0.1", "root", "root", "test", 3306, null, $flags);'

leads to a hang during authentication. The server has sent 11 bytes, the client reads 4 of them and knows that it should read an additional 7, because of the information in the 4 bytes. The read of the 7 bytes hangs. I tried to debug this with ssldump with no success.


Best,
Andrey
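
The 4-byte read that announces 7 more bytes, described above, is the MySQL packet header: a 3-byte little-endian payload length followed by a 1-byte sequence id. As an added example (not code from this thread or from mysqlnd), this Python code parses that header and reads the body under a socket timeout, so a stalled read surfaces as an error instead of a hang. The function names are hypothetical, the bytes are constructed, and a plain socket pair stands in for the client/server connection (no TLS layer).

```python
import socket
import struct

HEADER_LEN = 4  # 3-byte little-endian payload length + 1-byte sequence id


def parse_header(header: bytes) -> tuple:
    """Return (payload_length, sequence_id) from a 4-byte MySQL packet header."""
    if len(header) != HEADER_LEN:
        raise ValueError("MySQL packet header is exactly 4 bytes")
    low, high, seq = struct.unpack("<HBB", header)
    return low | (high << 16), seq


def read_exact(sock: socket.socket, n: int) -> bytes:
    """Read exactly n bytes; raise rather than block forever on a short read."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))  # each recv honours the socket timeout
        if not chunk:
            raise ConnectionError(f"peer closed after {len(buf)} of {n} bytes")
        buf += chunk
    return bytes(buf)


def read_packet(sock: socket.socket, timeout: float = 0.5) -> tuple:
    """Read one framed packet; every recv is bounded by `timeout` seconds."""
    sock.settimeout(timeout)
    length, seq = parse_header(read_exact(sock, HEADER_LEN))
    return seq, read_exact(sock, length)


def demo() -> tuple:
    # Constructed sample: header announcing a 7-byte payload, sequence id 2.
    packet = b"\x07\x00\x00\x02" + b"\x00\x00\x00\x02\x00\x00\x00"
    a, b = socket.socketpair()
    a.sendall(packet)        # all 11 bytes arrive: the read completes
    ok = read_packet(b)
    a.sendall(packet[:8])    # header plus only 4 of 7 body bytes: read stalls
    try:
        read_packet(b, timeout=0.2)
        stalled = False
    except socket.timeout:
        stalled = True
    a.close()
    b.close()
    return ok, stalled


if __name__ == "__main__":
    print(demo())
```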

On 08/23/2011 07:32 PM, Pierre Joye wrote:
also check with Andrey, he spent a fair amount of time around this issue.

On Tue, Aug 23, 2011 at 7:21 PM, Scott MacVicar<sc...@macvicar.net>  wrote:
On Aug 17, 2011, at 5:50 PM, Reindl Harald wrote:

well i guess it is the change below this results in connections in hanging
around and after a huge timeout filling my mailbox with cron-mails:

mysqlnd 5.0.8-dev - 20102224 - $Revision: 310735 $

without ssl_set() all works fine but unencrypted :-(
___________

MySQL server has gone away

$this->ssl_key = '/etc/mysql-ssl/client.pem';
$this->ssl_crt = '/etc/mysql-ssl/client.pem';
$this->ssl_ca  = '/etc/mysql-ssl/ca.crt';

$this->conn->ssl_set($this->ssl_key, $this->ssl_crt, $this->ssl_ca, NULL, NULL);
___________

https://bugs.php.net/bug.php?id=55283

- MySQLi extension:
  . Fixed bug #55283 (SSL options set by mysqli_ssl_set ignored for MySQLi
    persistent connections). (Andrey)




Do you have a full script I can use to look at? Do you set a mysql timeout?

- Scott

--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php






