SSL自签名证书，可通过PHP与Mysql连接 [英] SSL self-signed certifications to connect with Mysql with PHP

问题描述

摘要:使用Google Cloud SQL提供的自签名证书时，PHP提供错误.

Summary: PHP gives an error when using self-signed certificates as provided by Google Cloud SQL.

详细信息:我正在尝试使用PHP的mysqli库连接到Google Cloud SQL的mysql实例.

Details: I am trying to connect to Google Cloud SQL's mysql instance using PHP's mysqli library.

$db = mysqli_init();
mysqli_options ($db, MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, true);
$db->ssl_set('client-key.pem', 'client-cert.pem', 'server-ca.pem', NULL, NULL);
$query = mysqli_real_connect ($db, $host, $user, $pass, $dbname, 3306, NULL, MYSQLI_CLIENT_SSL);

据我了解，Google云允许自签名证书，我从此处下载了client-key.pem，client-cert.pem，server-ca.pem文件.

As I understand Google cloud allows self-signed certificates, from where I downloaded the client-key.pem, client-cert.pem, server-ca.pem files.

验证证书时，我从PHP收到以下错误:

I get the following error from PHP when validating the certificate:

mysqli_real_connect(): Peer certificate CN=`<project_name>' did not match expected CN=`<db_IP>'

根据我到目前为止的研究，似乎我需要一种方法来禁用Verify_Peer检查，这显然是PHP所不允许的.您能否验证一下和/或提供将SSL与PHP中的Google Cloud SQL一起使用的方法?

Based on my research so far, it seems I need a way to disable Verify_Peer check, which apparently PHP doesn't allow. Can you please validate this and/or offer a way to use SSL with Google Cloud SQL from PHP?

谢谢.

推荐答案

看起来PHP中的2个相关bug仍未完全解决:#71003 .

It looks like the 2 relevant bugs in PHP are still not entirely resolved: #68344 and #71003.

这篇关于SSL自签名证书，可通过PHP与Mysql连接的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！