Edit report at http://bugs.php.net/bug.php?id=53795&edit=1
ID: 53795
User updated by: dave dot kelly at dawkco dot com
Reported by: dave dot kelly at dawkco dot com
Summary: Connect Error from MySqli (mysqlnd) when using SSL
Status: Assigned
Type: Bug
Package: MySQLi related
Operating System: Windows
PHP Version: 5.3.5
Assigned To: mysql
Block user comment: N
Private report: N
New Comment:
FYI (you probably already know): there are currently no SSL/TLS options
available to be set with the mysqli::options method.
I tried using the mysqli::ssl_set method as follows, but it didn't work
either (same connect error):
$mysqli->ssl_set(NULL, // key file path or NULL
NULL, // cert file path or NULL
'C:/ssl/ca-cert.pem', // ca cert file path or NULL
NULL, // capath directory or NULL
'DHE-RSA-AES256-SHA'); // cipher or NULL
Also, tried the following (no luck):
$mysqli->ssl_set('C:/ssl/key.pem', // key file path or NULL
'C:/ssl/cert.pem', // cert file path or NULL
'C:/ssl/ca-cert.pem', // ca cert file path or NULL
NULL, // capath directory or NULL
NULL); // cipher or NULL
As noted before, these all work with PHP 5.2.17, but not with PHP
5.3.5.
A fix for mysqlnd would be great because trying to do a custom build on
Windows with mysqlnd disabled has become a real ordeal.
Previous Comments:
------------------------------------------------------------------------
[2011-01-24 11:12:59] [email protected]
No, mysqlnd doesn't use my.ini/my.cnf files, as libmysql did. You have
to set your options manually.
------------------------------------------------------------------------
[2011-01-24 10:21:41] [email protected]
mysqlnd does not read default files, AFAIK. I think Andrey wants to
deprecate that, Andrey?
------------------------------------------------------------------------
[2011-01-20 01:59:47] dave dot kelly at dawkco dot com
Description:
------------
- Using PHP 5.3.5 Windows binaries (Zip package).
- extension = php_mysqli.dll is enabled in php.ini.
- trying to use mysqli::real_connect, passing MYSQLI_CLIENT_SSL in the
flags parameter.
It returns the following error:
Warning: mysqli::real_connect() [mysqli.real-connect.html]:
(28000/1045): Access denied for user 'user'@'host' (using password: YES)
in C:\Apache22\htdocs\test.php on line 25
Connect Error (1045)
If I switch to PHP 5.2.17 Windows binaries (Zip package), using the
exact same settings and script, I get the following (excerpts):
Success... host via TCP/IP
...
Ssl_cipher DHE-RSA-AES256-SHA
...
Ssl_version TLSv1
I believe the main difference (relevant to this problem) between PHP
5.2.17 and PHP 5.3.5 is that 5.2.17 uses libmysql.dll and 5.3.5 uses
built-in mysqlnd (native driver). So, it appears that libmysql.dll
works with SSL, while built-in mysqlnd (native driver) cannot use SSL.
The Windows binaries build has no way to disable/enable mysqlnd and/or
libmysql. If mysqlnd is not going to work with SSL, there should at
least be another option that can be configured at runtime with the
options file.
Test script:
---------------
<?php $mysqli = new mysqli();
$mysqli->init();
if (!$mysqli->options(MYSQLI_READ_DEFAULT_FILE,
'C:/Program Files/MySQL/my.ini')) {
die('Setting MYSQLI_READ_DEFAULT_FILE failed');
}
if (!$mysqli->options(MYSQLI_READ_DEFAULT_GROUP, 'mysql')) {
die('Setting MYSQLI_READ_DEFAULT_GROUP failed');
}
if (!$mysqli->real_connect('host', 'user', 'pass',
'mydb', 3306, NULL, MYSQLI_CLIENT_SSL)) {
echo 'Connect Error (' . mysqli_connect_errno() . ')' . "<br />\n";
}
else {
echo 'Success... ' . $mysqli->host_info . "<br />\n";
$sql = "show status like '%ssl%'";
$result = $mysqli->query($sql);
while ($row = $result->fetch_array()) {
echo $row[0] . ' ' . $row[1] . "<br />\n";
}
if ($result) { $result->close(); }
}
$mysqli->close(); ?>
Expected result:
----------------
Expect a new SSL connection and a result set from the query indicating
that the connection is indeed via SSL/TLS.
Actual result:
--------------
Warning: (28000/1045): Access denied ... Connect Error (1045).
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/bug.php?id=53795&edit=1
