PHP problem when combining MYSQLI_CLIENT_SSL and openssl_pkey_new()

Time: 2018-04-10 16:35:12

Tags: php mysqli openssl

I ran into strange openssl problems when combining a mysqli connection (using SSL) with the openssl_*() functions in a single PHP file.

$db = mysqli_init();
$db->real_connect('host', 'user', 'password', 'database', null, null, MYSQLI_CLIENT_SSL);

$keys = openssl_pkey_new();
$db->query("INSERT ...."); // <- errors occur here

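If I don't generate the key, or I don't insert into the database, or I don't use MYSQLI_CLIENT_SSL when connecting to the database, there is no problem. These errors only occur when combining mysqli SSL with some other PHP openssl functions: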

PHP Warning:  mysqli::query(): SSL operation failed with code 1. OpenSSL Error messages:
error:0E06D06C:configuration file routines:NCONF_get_string:no value
error:0E06D06C:configuration file routines:NCONF_get_string:no value
error:0E06D06C:configuration file routines:NCONF_get_string:no value
error:0E06D06C:configuration file routines:NCONF_get_string:no value
error:0E06D06C:configuration file routines:NCONF_get_string:no value
error:0E06D06C:configuration file routines:NCONF_get_string:no value
PHP Warning:  mysqli::query(): MySQL server has gone away in file.php     on line 107
PHP Warning:  mysqli::query(): Error reading result set's header in file.php on line 107
Error: 108: MySQL server has gone away

The INSERT statement fails.

This is the content of /etc/ssl/openssl.cnf (default Debian Stretch):

HOME            = .
RANDFILE        = $ENV::HOME/.rnd
oid_section     = new_oids
[ new_oids ]
tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7
[ ca ]
[ CA_default ]
policy      = policy_match
[ policy_match ]
countryName     = match
stateOrProvinceName = match
organizationName    = match
organizationalUnitName  = optional
commonName      = supplied
emailAddress        = optional
[ policy_anything ]
countryName     = optional
stateOrProvinceName = optional
localityName        = optional
organizationName    = optional
organizationalUnitName  = optional
commonName      = supplied
emailAddress        = optional
[ req ]
default_bits        = 2048
default_keyfile     = privkey.pem
distinguished_name  = req_distinguished_name
attributes      = req_attributes
string_mask = utf8only
[ req_distinguished_name ]
countryName         = Country Name (2 letter code)
countryName_default     = AU
countryName_min         = 2
countryName_max         = 2
stateOrProvinceName     = State or Province Name (full name)
stateOrProvinceName_default = Some-State
localityName            = Locality Name (eg, city)
0.organizationName      = Organization Name (eg, company)
0.organizationName_default  = Internet Widgits Pty Ltd
organizationalUnitName      = Organizational Unit Name (eg, section)
commonName          = Common Name (e.g. server FQDN or YOUR name)
commonName_max          = 64
emailAddress            = Email Address
emailAddress_max        = 64
[ req_attributes ]
challengePassword       = A challenge password
challengePassword_min       = 4
challengePassword_max       = 20
unstructuredName        = An optional company name
[ usr_cert ]
basicConstraints=CA:FALSE
nsComment           = "OpenSSL Generated Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = critical,CA:true
[ crl_ext ]
authorityKeyIdentifier=keyid:always
[ proxy_cert_ext ]
basicConstraints=CA:FALSE
nsComment           = "OpenSSL Generated Certificate"
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
[ tsa ]
[ tsa_config1 ]

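I have searched the web extensively for what is a common scenario. I don't know where to go next. Maybe someone on Stack Overflow can point me in the right direction?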

2 answers:

Answer 0: (score: 0)

Ah, apparently I ran into a bug in PHP 7.0. I solved it by repeatedly calling openssl_error_string() right after using the openssl_* methods.

$db = mysqli_init();
$db->real_connect('host', 'user', 'password', 'database', null, null, MYSQLI_CLIENT_SSL);

$keys = openssl_pkey_new();
while (openssl_error_string() !== false);

$db->query("INSERT ...."); // <- no more errors occur here!

More information: https://stackoverflow.com/a/49419242/3964328

Answer 1: (score: 0)

You just need to specify the array parameter for openssl_pkey_new(), with a "config" key whose value is your openssl configuration file.

So it should look like: openssl_pkey_new(array('config'=>'/etc/ssl/openssl.cnf'));
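The two answers above can be combined into one helper that passes the config file explicitly and drains the OpenSSL error queue, recording what it finds instead of silently discarding it. This is an added example, not code from the original posts; the function names drain_openssl_errors() and generate_key_with_clean_queue() are hypothetical, and the 2048-bit RSA parameters are an assumption.

```php
<?php
declare(strict_types=1);

/**
 * Empty OpenSSL's error queue and return the messages that were in it.
 * Same loop as in answer 0, but the messages are kept for logging.
 */
function drain_openssl_errors(): array
{
    $errors = [];
    while (($msg = openssl_error_string()) !== false) {
        $errors[] = $msg;
    }
    return $errors;
}

/**
 * Generate a key pair and leave the error queue empty afterwards, so that
 * leftover entries (such as the NCONF_get_string lines in the question) are
 * not reported by a later query on the MYSQLI_CLIENT_SSL connection.
 */
function generate_key_with_clean_queue(string $configPath)
{
    drain_openssl_errors(); // start from a known-empty queue

    $key = openssl_pkey_new([
        'config'           => $configPath,         // explicit config, as in answer 1
        'private_key_type' => OPENSSL_KEYTYPE_RSA, // assumption for this example
        'private_key_bits' => 2048,                // assumption for this example
    ]);

    $errors = drain_openssl_errors();

    if ($key === false) {
        // A real failure: surface the queued messages rather than losing them.
        throw new RuntimeException('openssl_pkey_new() failed: ' . implode('; ', $errors));
    }
    foreach ($errors as $e) {
        // The call succeeded but still queued entries; log them for diagnosis.
        error_log('openssl_pkey_new() left a queued error: ' . $e);
    }
    return $key;
}

// Path taken from the question; adjust for your system.
$key = generate_key_with_clean_queue('/etc/ssl/openssl.cnf');
// The $db->query("INSERT ....") from the question would follow here.
```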