Edit report at http://bugs.php.net/bug.php?id=54962&edit=1
ID: 54962
Updated by: johan...@php.net
Reported by: sukarna_0 at yahoo dot co dot in
Summary: either real_connect or ssl_set is not working
properly
Status: Assigned
Type: Bug
Package: MySQLi related
Operating System: CentOS5.5
PHP Version: 5.3SVN-2011-05-31 (snap)
Assigned To: mysql
Block user comment: N
Private report: N
New Comment:
What happens is the following: Your Windows version uses mysqlnd as base
library. mysqlnd uses PHP's streams and openssl extension for doing the
communication. These demand that the verify_peer option is set else the ssl_ca
will be ignored. That is fine.
An issue is that verify_peer is only set when manually setting
MYSQLI_OPT_SSL_VERIFY_SERVER_CERT to true, mysqli_ssl_set won't do that. so
that part has to be fixed. Need to do some research under what conditions we
can do set verify_peer automatically.
Previous Comments:
------------------------------------------------------------------------
[2011-06-08 02:23:42] johan...@php.net
I think there is a feature difference between libmysql and mysqlnd. When using
MySQLnd you can use stream wrappers to load certificates, with libmysql you are
limited to local files. We will verify that.
------------------------------------------------------------------------
[2011-05-31 11:57:56] sukarna_0 at yahoo dot co dot in
Description:
------------
I have a code as follows.
$ssl_ca = 'https://rds.amazonaws.com/doc/mysql-ssl-ca-cert.pem';
$mysqli->ssl_set(null, null, $ssl_ca, null, null);
$result = $mysqli->real_connect($location, $usr, $password, $dbname, $port,
null, MYSQLI_CLIENT_SSL);
This code works with PHP 5.3.5 in windowsXP sp3 and never throws any error even
if $ssl_ca contains a wrong path.
And this code always throws error- '(HY000/2026): SSL connection error' in
CentOS 5.5 32bit(PHP 5.3.5)
------------------------------------------------------------------------
--
Edit this bug report at http://bugs.php.net/bug.php?id=54962&edit=1
