我正在尝试使用提供的客户端证书的PHP PDO连接到Amazon RDS上的MySQL数据库。实际证书位于:var/www/includes/database/certs/cert.pem
我正在设置SSL属性:
$dbh = new PDO('mysql:host=example.com;dbname=example', username, password, array(
PDO::MYSQL_ATTR_SSL_CERT=>'/var/www/includes/database/certs/cert.pem'
));
var_dump($db->query("SHOW STATUS LIKE 'Ssl_cipher';")->fetchAll());
/* Output */
#array(1) {
# [0]=>
# array(4) {
# ["Variable_name"]=>
# string(10) "Ssl_cipher"
# [0]=>
# string(10) "Ssl_cipher"
# ["Value"]=>
# string(10) "AES256-SHA"
# [1]=>
# string(10) "AES256-SHA"
# }
#}
这使它看起来像它的工作。 然而,如果我将属性更改为不正确的路径,例如/var/www/includes/database/a,我仍然会获得相同的确切密码输出,并且没有错误。很奇怪。现在目录/var/www/includes/database/a不存在。当我创建该文件夹a并运行上面的脚本时,我终于得到了SSL错误:
#PHP Warning: PDO::__construct(): Unable to set local cert chain file `/var/www/includes/database/a'; Check that your cafile/capath settings include details of your certificate and its issuer in /var/www/includes/database/db_connect.php on line 11
#PHP Warning: PDO::__construct(): failed to create an SSL handle in /var/www/includes/database/db_connect.php on line 11
#PHP Warning: PDO::__construct(): Cannot connect to MySQL by using SSL in /var/www/includes/database/db_connect.php on line 11
#PHP Warning: PDO::__construct(): [2002] (trying to connect via tcp://example.com:3306) in /var/www/includes/database/db_connect.php on line 11
#PHP Fatal error: Uncaught exception 'PDOException' with message 'SQLSTATE[HY000] [2002] ' in /var/www/includes/database/db_connect.php:11
答案 0 :(得分:0)
我以为我提供了一些输入,因为当我尝试将MySQL客户端从Ubuntu linux连接到AWS RDS MySQL实例时,我在底部有相同的SSL错误消息。我复制了AWS页面中的说明,并提出了几点要说的内容:
您的问题:"我怎样才能确定PDO是否通过SSL连接(除了wireshark)?"
您可以在MySQL用户帐户上设置要求:
在上授予使用权。 TO'用户名' @'%'要求SSL;
如果您使用默认的PDO连接说明,请确保不要包含所有密钥/证书/证书。对于AWS RDS MySQL,您只使用CA语句(类似于使用Sequel Pro GUI时的操作):
<?php
$pdo = new PDO(
'mysql:host=hostname;dbname=ssldb',
'username',
'password',
array(
PDO::MYSQL_ATTR_SSL_CA =>'/etc/mysql/ssl/rds-combined-ca-bundle.pem'
)
);