Bug #53795 [Asn]: Connect Error from MySqli (mysqlnd) when using SSL

Mon, 24 Jan 2011 02:13:13 -0800 

Edit report at http://bugs.php.net/bug.php?id=53795&edit=1

 ID:                 53795
 Updated by:         and...@php.net
 Reported by:        dave dot kelly at dawkco dot com
 Summary:            Connect Error from MySqli (mysqlnd) when using SSL
 Status:             Assigned
 Type:               Bug
 Package:            MySQLi related
 Operating System:   Windows
 PHP Version:        5.3.5
 Assigned To:        mysql
 Block user comment: N
 Private report:     N

 New Comment:

No, mysqlnd doesn't use my.ini/my.cnf files, as libmysql did. You have
to set your options manually.


Previous Comments:
------------------------------------------------------------------------
[2011-01-24 10:21:41] u...@php.net

mysqlnd does not read default files, AFAIK. I think Andrey wants to
deprecate that, Andrey?

------------------------------------------------------------------------
[2011-01-20 01:59:47] dave dot kelly at dawkco dot com

Description:
------------
- Using PHP 5.3.5 Windows binaries (Zip package).

- extension = php_mysqli.dll is enabled in php.ini.

- trying to use mysqli::real_connect, passing MYSQLI_CLIENT_SSL in the
flags parameter.



It returns the following error:



Warning: mysqli::real_connect() [mysqli.real-connect.html]:
(28000/1045): Access denied for user 'user'@'host' (using password: YES)
in C:\Apache22\htdocs\test.php on line 25

Connect Error (1045)



If I switch to PHP 5.2.17 Windows binaries (Zip package), using the
exact same settings and script, I get the following (excerpts):



Success... host via TCP/IP

...

Ssl_cipher DHE-RSA-AES256-SHA

...

Ssl_version TLSv1



I believe the main difference (relevant to this problem) between PHP
5.2.17 and PHP 5.3.5 is that 5.2.17 uses libmysql.dll and 5.3.5 uses
built-in mysqlnd (native driver).  So, it appears that libmysql.dll
works with SSL, while built-in mysqlnd (native driver) cannot use SSL. 
The Windows binaries build has no way to disable/enable mysqlnd and/or
libmysql.  If mysqlnd is not going to work with SSL, there should at
least be another option that can be configured at runtime with the
options file.



Test script:
---------------
<?php $mysqli = new mysqli();

$mysqli->init();

if (!$mysqli->options(MYSQLI_READ_DEFAULT_FILE,

    'C:/Program Files/MySQL/my.ini')) {

  die('Setting MYSQLI_READ_DEFAULT_FILE failed');

}

if (!$mysqli->options(MYSQLI_READ_DEFAULT_GROUP, 'mysql')) {

  die('Setting MYSQLI_READ_DEFAULT_GROUP failed');

}

if (!$mysqli->real_connect('host', 'user', 'pass',

    'mydb', 3306, NULL, MYSQLI_CLIENT_SSL)) {

  echo 'Connect Error (' . mysqli_connect_errno() . ')' . "<br />\n";

}

else {

  echo 'Success... ' . $mysqli->host_info . "<br />\n";

  $sql = "show status like '%ssl%'";

  $result = $mysqli->query($sql);

  while ($row = $result->fetch_array()) {

    echo $row[0] . ' ' . $row[1] . "<br />\n";

  }

  if ($result) { $result->close(); }

}

$mysqli->close(); ?>

Expected result:
----------------
Expect a new SSL connection and a result set from the query indicating
that the connection is indeed via SSL/TLS.

Actual result:
--------------
Warning: (28000/1045): Access denied ... Connect Error (1045).


------------------------------------------------------------------------



-- 
Edit this bug report at http://bugs.php.net/bug.php?id=53795&edit=1

Reply via email to