mysqli_real_connect()获取SSL3_GET_SERVER_CERTIFICATE:证书验证失败 [英] mysqli_real_connect() getting SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
问题描述
我们刚刚从 php 5.4 升级到了 php 5.6 ,并且使用MySQLi和SSL的MySQL连接一切正常.
We just upgraded to php 5.6 from php 5.4, and everything was working fine with our MySQL connecting using MySQLi and SSL.
我们的联系如下:
mysqli_real_connect($db, $host, $username, $password, $database, $port, $socket, MYSQLI_CLIENT_SSL);
mysqli_set_charset($db, "utf8");
但是,现在,当我们尝试使用php 5.6通过SSL连接到MySQL时,会得到:
Howerver, now when we try and connect to MySQL over SSL using php 5.6 we are getting:
警告:mysqli_real_connect():SSL操作失败,代码为1. OpenSSL错误消息:错误:14090086:SSL 例程:SSL3_GET_SERVER_CERTIFICATE:证书验证失败 /MySQLConnection.php,第29行
Warning: mysqli_real_connect(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in /MySQLConnection.php on line 29
警告:mysqli_real_connect():无法使用SSL连接到MySQL 在第29行的/MySQLConnection.php中
Warning: mysqli_real_connect(): Cannot connect to MySQL by using SSL in /MySQLConnection.php on line 29
警告:mysqli_real_connect():[2002](尝试通过 第29行的/MySQLConnection.php中的tcp://mysql1.ourdomain.com:3306)
Warning: mysqli_real_connect(): [2002] (trying to connect via tcp://mysql1.ourdomain.com:3306) in /MySQLConnection.php on line 29
警告:mysqli_real_connect():(HY000/2002):在/MySQLConnection.php中 在第29行
Warning: mysqli_real_connect(): (HY000/2002): in /MySQLConnection.php on line 29
我尝试设置:
mysqli_options($db, MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, false);
但这无济于事.
我添加了:
$mysql_certs_path = "/full/path/to/certs/mysql";
mysqli_ssl_set($db, $mysql_certs_path . "/client-key.pem", $mysql_certs_path . "/client-cert.pem", $mysql_certs_path . "/ca-cert.pem", null, null);
仍然得到:
警告:mysqli_real_connect():SSL操作失败,代码为1. OpenSSL错误消息:错误:14090086:SSL 例程:SSL3_GET_SERVER_CERTIFICATE:证书验证失败 /MySQLConnection.php,第31行
Warning: mysqli_real_connect(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in /MySQLConnection.php on line 31
Warning: mysqli_real_connect(): Cannot connect to MySQL by using SSL in /MySQLConnection.php on line 31
推荐答案
我发生了类似的事情.当我将PHP升级到5.6时,它起作用了.但是当我输入:
Had something similar to this happen to me. When I upgraded PHP to 5.6, it worked. But when I entered:
sudo apt-get install php5-mysqlnd
在Ubuntu 15.04上,即使它与libmysql驱动程序一起使用,SSL to AWS RDS仍停止工作.正在运行:
On Ubuntu 15.04, the SSL to AWS RDS stopped working, even though it worked with the libmysql driver. Running:
sudo apt-get install php5-mysql
安装了旧的驱动程序,它再次开始工作.据我所知,它无法通过对等名称验证来连接到RDS.我不知道如何解决此问题,并且由于它使用PHP流进行连接,因此设置与传入的权限无关.
Installed the old drivers and it started working again. Near as I can figure out, it's failing the peer-name validation for connecting to RDS. I do not know how to fix that, and because it uses PHP streams for its connection, the settings don't seem to matter that you pass in.
这是一个已知的错误:
https://bugs.php.net/bug.php?id=68344
所以我写了这个方法,从这里修改:如何知道MySQLnd是否是活动驱动程序?
So I wrote this method, modified from here: How to know if MySQLnd is the active driver?
public function getMySQLIType()
{
$mysqlType = [
'mysql' => false,
'mysqli' => false,
'mysqlnd' => false,
];
if (function_exists('mysql_connect')) {
$mysqlType['mysql'] = true;
}
if (function_exists('mysqli_connect')) {
$mysqlType['mysqli'] = true;
}
if (function_exists('mysqli_get_client_stats')) {
$mysqlType['mysqlnd'] = true;
}
return $mysqlType;
}
如果该数组对mysqlnd返回true,则禁用SSL.如果返回false,则启用它.到目前为止,它仍然有效.是的,这是一个黑客修复程序,但我不知道如何合法地解决此问题.
If the array returns true for mysqlnd, I disable SSL. If returns false, then I enable it. Thus far, it works. Yes, this is a hack fix but I do not know how to legitimately fix this issue.
这篇关于mysqli_real_connect()获取SSL3_GET_SERVER_CERTIFICATE:证书验证失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
