从 PHP 使用 SSL 连接到远程 MySQL 服务器
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/9738712/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Connect to remote MySQL server with SSL from PHP
提问by Alexey Bulash
I'm trying to connect to remote MySQL server with SSL from PHP using mysql_connect:
我正在尝试使用 mysql_connect 从 PHP 连接到带有 SSL 的远程 MySQL 服务器:
$link = mysql_connect(
"ip",
"user",
"pass",
true,
MYSQL_CLIENT_SSL
)
And get worst error ever:
并得到有史以来最严重的错误:
SSL connection error
I've added following params into my.cnf:
我在 my.cnf 中添加了以下参数:
[client]
ssl-ca =/etc/mysql/ssl/ca-cert.pm
ssl-cert =/etc/mysql/ssl/client-cert.pem
ssl-key =/etc/mysql/ssl/client-key.pem
So I can connect to remote mysql successfully from terminal just using
所以我可以从终端成功连接到远程 mysql 只需使用
#mysql -h ip -u user -p
So connection to mysql server do work and as far as I understand problem is in php/mysql cooperation. Probably I'm missing some params.
所以连接到 mysql 服务器确实有效,据我所知问题出在 php/mysql 合作中。可能我缺少一些参数。
Unfortunately I can't use mysqli lib because have too many working adapters for pdo_mysql.
不幸的是,我无法使用 mysqli lib,因为 pdo_mysql 的工作适配器太多。
My PHP Version is 5.3.6-13ubuntu3.6 MySQL version is 5.1.61
我的 PHP 版本是 5.3.6-13ubuntu3.6 MySQL 版本是 5.1.61
Also I've added
我也添加了
mssql.secure_connection = On
to my php.ini
到我的 php.ini
Help will be appreciated!
帮助将不胜感激!
回答by Norbert
"Unfortunately I can't use mysqli lib because have too many working adapters for pdo_mysql."
“不幸的是,我无法使用 mysqli lib,因为 pdo_mysql 的工作适配器太多。”
You're using the old MySQL extension ("mysql_connect"), which is no longer under development (maintenance only). Since you're using PHP 5, you may want to use MySQLi, the MySQL ImprovedExtension. Among other things, it has an object-oriented interface, support for prepared/multiple statements and has enhanced debugging capabilities. You can read more about converting to MySQLi here; more about the mysqli class itself here.
您正在使用旧的 MySQL 扩展(“mysql_connect”),它不再处于开发阶段(仅限维护)。由于您使用的是 PHP 5,您可能需要使用MySQLi,即 MySQL改进的扩展。除其他外,它具有面向对象的接口,支持准备/多语句并增强了调试功能。您可以在此处阅读有关转换为 MySQLi 的更多信息;更多关于 mysqli 类本身在这里。
Here is some sample code that may help you get started:
以下是一些可以帮助您入门的示例代码:
<?php
ini_set ('error_reporting', E_ALL);
ini_set ('display_errors', '1');
error_reporting (E_ALL|E_STRICT);
$db = mysqli_init();
mysqli_options ($db, MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, true);
$db->ssl_set('/etc/mysql/ssl/client-key.pem', '/etc/mysql/ssl/client-cert.pem', '/etc/mysql/ssl/ca-cert.pem', NULL, NULL);
$link = mysqli_real_connect ($db, 'ip', 'user', 'pass', 'db', 3306, NULL, MYSQLI_CLIENT_SSL);
if (!$link)
{
die ('Connect error (' . mysqli_connect_errno() . '): ' . mysqli_connect_error() . "\n");
} else {
$res = $db->query('SHOW TABLES;');
print_r ($res);
$db->close();
}
?>
If PDO_MYSQLis really what you want, then you need to do something like this:
如果PDO_MYSQL真的是你想要的,那么你需要做这样的事情:
<?php
$pdo = new PDO('mysql:host=ip;dbname=db', 'user', 'pass', array(
PDO::MYSQL_ATTR_SSL_KEY =>'/etc/mysql/ssl/client-key.pem',
PDO::MYSQL_ATTR_SSL_CERT=>'/etc/mysql/ssl/client-cert.pem',
PDO::MYSQL_ATTR_SSL_CA =>'/etc/mysql/ssl/ca-cert.pem'
)
);
$statement = $pdo->query("SHOW TABLES;");
$row = $statement->fetch(PDO::FETCH_ASSOC);
echo htmlentities($row['_message']);
?>
However, only recent versions of PHP have SSL support for PDO, and SSL options are silently ignored in (at least) version 5.3.8: see the bug report.
但是,只有最新版本的 PHP 对 PDO 提供 SSL 支持,并且(至少)版本 5.3.8 中会默默忽略 SSL 选项:请参阅错误报告。
Good luck!
祝你好运!
回答by Marcus Adams
Change [client]header to [mysqld]. You need to setup server side certificates there, not client side.
将[client]标题更改为[mysqld]. 您需要在那里设置服务器端证书,而不是客户端。
See a full examplefrom MySQL documentation.
请参阅MySQL 文档中的完整示例。
Also, see this similar question: PHP to MySQL SSL Connections
另外,请参阅这个类似的问题:PHP to MySQL SSL Connections
Server certificates allow the server to respond to SSL requests, and they don't require the client to have a certificate. Any time you connect to a web site via HTTPS, you are using the server's certificates to verify that you are connecting to the correct server, and you are using the certificate's public key for encryption.
服务器证书允许服务器响应 SSL 请求,并且不需要客户端拥有证书。任何时候您通过 HTTPS 连接到网站时,您都是在使用服务器的证书来验证您是否连接到了正确的服务器,并且您正在使用证书的公钥进行加密。
Client certificates allow a server to authenticate the client.
客户端证书允许服务器对客户端进行身份验证。
In your case, you want server certificates. You want to install the certificates on the server (MySQL), and the client (PHP) will be able to authenticate the server and use the certificate's public key for setting up encryption. Client certificates are fairly rare.
在您的情况下,您需要服务器证书。您想在服务器 (MySQL) 上安装证书,客户端 (PHP) 将能够对服务器进行身份验证并使用证书的公钥来设置加密。客户端证书相当少见。
If you do wish to utilize client certificates, you must use mysqlior PDO.
回答by Tamilarasan
if your using PHP 7.3 and AWS PEM file , Use below code to connect DB with ssl
如果您使用 PHP 7.3 和 AWS PEM 文件,请使用以下代码将 DB 与 ssl 连接
UR AWS PEM FILE PATH =/home/cert/rds2019.pem
$mysqli = mysqli_init();
$mysqli->ssl_set(NULL,NULL,'UR AWS PEM FILE PATH',NULL,'DHE-RSA-AES256-SHA');
$mysqli->options(MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, true);
$mysqli->real_connect($dbHostName, $dbUserName, $dbPassword, $dataBaseName,PORT,NULL, MYSQLI_CLIENT_SSL);
return $mysqli;
返回 $mysqli;
For PDO Connection
用于 PDO 连接
$pdo = new PDO('mysql:host='.$dbHostName.';dbname='.$dataBaseName.'', $dbUserName, $dbPassword, array(
//PDO::MYSQL_ATTR_SSL_KEY =>NULL,
//PDO::MYSQL_ATTR_SSL_CERT=>NULL,
PDO::MYSQL_ATTR_SSL_CA =>'UR AWS PEM FILE PATH',
PDO::MYSQL_ATTR_SSL_CAPATH =>NULL,
PDO::MYSQL_ATTR_SSL_CIPHER =>'DHE-RSA-AES256-SHA',
PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false
)
);
return $pdo;
