php 5.x 7.x, ssl pdo error: Peer certificate CN=`someName' did not match expected CN='someIP'


Problem description

We have a server with mysql on port 3306. We have certificates and a key and we try to connect to this server. But we see such a problem:

Peer certificate CN='SomeName' did not match expected CN='someIP'

I've read a lot of articles and can't find an answer for PDO PHP. The most interesting thing is that SQLYog could connect with all settings.

I've read that verify_peer_names can be disabled (I hope I understand what peer_names is...), but only if we use openssl_{functions} or mysqli, not PDO. Both options are not appropriate for me. I need PDO.

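What I tried to do:

  • Switching between php versions. It helped me, but I need 5.6 or higher. With php 7.0, the same error.
  • Finding another version of openssl and pdo; I soon learned that this was a bad idea :)
  • Found some settings in php.ini, but none for my problem, only for creating ssl.

My connection code: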

$dbInfo = array
(
'dsn' => 'mysql:host=123.45.67.890;dbname=someDB;port=3306',
'user' => 'user',
'pass' => 'userpassword'
);

$con = new PDO
    (
    $dbInfo['dsn'], $dbInfo['user'], $dbInfo['pass'], 
    array(
        PDO::MYSQL_ATTR_SSL_CIPHER => 'AES256-SHA',
        PDO::MYSQL_ATTR_SSL_CA     => 'SSLCert/ca-cert.pem',
        PDO::MYSQL_ATTR_SSL_KEY    => 'SSLCert/client-key.pem',
        PDO::MYSQL_ATTR_SSL_CERT   => 'SSLCert/client-cert.pem',
    )
    );

echo 'Connection OK!';

Recommended answer

We got it working for our internal self-signed certs by not using IP addresses but machine(+domain) names as the CN and connection settings.

So, put 'dbServer1.company.local' as the CN for the server certificate and use the same 'dbServer1.company.local' address as the host part of the DSN for the PDO connection. If you like, you can just use 'dbServer1' but make sure you use it in both places.

This will get you going:

$pdo_options = array(
    PDO::MYSQL_ATTR_SSL_KEY => 'path/to/client-key.pem',
    PDO::MYSQL_ATTR_SSL_CERT => 'path/to/client-cert.pem',
    PDO::MYSQL_ATTR_SSL_CA => 'path/to/ca.pem'
);

$pdo = new PDO('mysql:host=dbServer1.company.local;dbname=someDB', 'someUser', 'somePass', $pdo_options);

We manage our own DNS so resolving dbServer1.company.local is not an issue, but if your webserver cannot resolve it or you don't/can't manage the DNS entry, then hack in something like the following to your etc/hosts file:

10.5.5.20 dbServer1.company.local

10.5.5.20 dbServer1
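
A pre-flight check for the mismatch discussed above, as an added example that is not part of the original question or answer: it compares the host in a PDO DSN with the CN and DNS subjectAltName entries of a parsed server certificate. The function names, the constructed sample certificate data, the path in the comment and the simplified matching rule (exact match plus a leftmost wildcard) are assumptions; it needs PHP 7.1 or later.

```php
<?php
// Simplified name matching for diagnosis only; this is not PHP's internal
// peer-name verification code.

/** Extract the host= value from a PDO MySQL DSN. */
function dsnHost(string $dsn): ?string
{
    return preg_match('/(?:^mysql:|;)host=([^;]+)/i', $dsn, $m) ? trim($m[1]) : null;
}

/** Collect CN and DNS subjectAltName entries from openssl_x509_parse() output. */
function certNames(array $parsed): array
{
    $names = (array) ($parsed['subject']['CN'] ?? []);   // CN may be a string or a list
    $san   = $parsed['extensions']['subjectAltName'] ?? '';
    foreach (array_filter(array_map('trim', explode(',', $san))) as $entry) {
        if (stripos($entry, 'DNS:') === 0) {
            $names[] = substr($entry, 4);
        }
    }
    return array_values(array_unique($names));
}

/** True when $host equals one of $names, or a "*.domain" name covers it. */
function hostMatches(string $host, array $names): bool
{
    $host = strtolower($host);
    $dot  = strpos($host, '.');
    foreach ($names as $name) {
        $name = strtolower($name);
        // "*.company.local" covers exactly one extra leading label.
        $wild = strpos($name, '*.') === 0 && $dot !== false
            && substr($host, $dot) === substr($name, 1);
        if ($name === $host || $wild) {
            return true;
        }
    }
    return false;
}

// Constructed sample in the shape openssl_x509_parse() returns. For a real check:
// $parsed = openssl_x509_parse(file_get_contents('path/to/server-cert.pem'));
$parsed = [
    'subject'    => ['CN' => 'dbServer1.company.local'],
    'extensions' => ['subjectAltName' => 'DNS:dbServer1.company.local, DNS:dbServer1'],
];
foreach (['mysql:host=10.5.5.20;dbname=someDB', 'mysql:host=dbServer1.company.local;dbname=someDB'] as $dsn) {
    $host = dsnHost($dsn) ?? '';
    printf("%-26s %s\n", $host, hostMatches($host, certNames($parsed)) ? 'matches' : 'does NOT match');
}
```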
