
PHP mysqli and SSL

I am trying to configure Galera Cluster over a WAN (VPN is not an option). For obvious reasons I am setting up the connections to require SSL keys, and am having difficulties getting the application to connect. I can successfully connect using PDO, but cannot get mysqli to work. The setup will be:

USA location:

  • mainWebServer: openSUSE Leap 15.2, Apache 2.4.33 (named virtual host myserver.mycompany.com)
  • myServer1: Ubuntu 20.04, MySQL Galera Cluster 8.0.19
  • myDevBox: openSUSE Tumbleweed, running PHP CLI to debug connection issues

China location:

  • myServer2: Ubuntu 20.04, MySQL Galera Cluster 8.0.19, Apache 2.4 current
  • myServer3: clone of myServer2

The Galera cluster name is myServer, and the node names are myServerX corresponding to their actual hostname.

PHP version info:


MySQL server version info:


Code:


Output:


By the looks of it mysqli is ignoring my MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT flag. I was able to successfully connect with PDO using PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false – is there a way to make mysqli work? Unfortunately this is to support legacy application code that still uses mysqli and there is no way to refactor by the time this needs to go live. I believe creating separate CA certs would break the replication connection as they all have different hostnames.


Answer

You are passing MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT as the 7th parameter; however, that is the socket parameter, and flags is the 8th. Try passing a null for the 7th and bumping MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT to the 8th.

User contributions licensed under: CC BY-SA
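The corrected call described in the answer, as an added example that is not code from the original post: the flags go in the 8th argument of mysqli_real_connect(), with null in the socket slot. It goes beyond the answer by also offering a verified mode and by checking that the session really is encrypted; the helper name connect_tls, the DB_* environment variables and the CA path are hypothetical.

```php
<?php
// Added example. Helper name, environment variables and file paths are
// hypothetical placeholders, not values from the original question.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on failure

function connect_tls(string $host, string $user, string $pass, string $db,
                     bool $verifyServerCert, ?string $caFile = null,
                     ?string $clientKey = null, ?string $clientCert = null): mysqli
{
    $link = mysqli_init();

    // Arguments: key, cert, CA file, CA directory, cipher list.
    // null leaves a value unset.
    mysqli_ssl_set($link, $clientKey, $clientCert, $caFile, null, null);

    // With verification off the channel is encrypted, but the server's
    // identity is not checked against the CA or the hostname.
    $flags = $verifyServerCert
        ? MYSQLI_CLIENT_SSL
        : MYSQLI_CLIENT_SSL | MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT;

    // Procedural argument order:
    //   1 link, 2 host, 3 user, 4 password, 5 database, 6 port,
    //   7 socket, 8 flags
    // A flag constant placed in slot 7 is taken as the socket and the
    // connection is made with no client flags at all.
    mysqli_real_connect($link, $host, $user, $pass, $db, 3306, null, $flags);

    // Ssl_cipher is an empty string when the session is not using TLS.
    $row = mysqli_query($link, "SHOW SESSION STATUS LIKE 'Ssl_cipher'")->fetch_row();
    if (empty($row[1])) {
        mysqli_close($link);
        throw new RuntimeException('Connected, but the session is not encrypted');
    }
    return $link;
}

// Unverified mode, matching what the question asks for.
$db = connect_tls(getenv('DB_HOST'), getenv('DB_USER'), getenv('DB_PASS'),
                  getenv('DB_NAME'), false);

// Verified mode, for when the CA that signed the server certificate is
// available on the client (path is a placeholder):
// $db = connect_tls(getenv('DB_HOST'), getenv('DB_USER'), getenv('DB_PASS'),
//                   getenv('DB_NAME'), true, '/path/to/ca.pem');
```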