我必须从旧的PHP 5.3.3应用程序连接到MySQL 8。我没有升级PHP版本的权限。
要求是连接必须通过SSL,但不能使用SSL身份验证。 MySQL服务器配置为使用密码进行连接,但完全不需要客户端提供任何SSL身份验证证书。
我使用控制台命令来验证从我的机器到服务器的SSL连接是否有效:
mysql -u username -p -h domain.com --ssl-mode=REQUIRED
mysql> \s
SSL: Cipher in use is DHE-RSA-AES128-GCM-SHA256
mysql> SHOW STATUS LIKE 'Ssl_cipher';
+---------------+---------------------------+
| Variable_name | Value |
+---------------+---------------------------+
| Ssl_cipher | DHE-RSA-AES128-GCM-SHA256 |
+---------------+---------------------------+
1 row in set (0.05 sec)
因此,当前连接使用服务器证书加密,无需任何CA验证即可静默接受。
然后我尝试使用mysqli在PHP中重现它:
$mysqli = mysqli_init();
// I've no idea how to tell PHP to ignore all certificates but still use SSL as provided by the server;
// even passing random crap to ssl_set() doesn't change anything at all - not even failed connection
$mysqli->ssl_set(null, null, null, null, null);
$mysqli->real_connect($mysqliDomain, "username", "pass", "db", "3306", null, MYSQLI_CLIENT_SSL);
// Not sure about MYSQLI_CLIENT_SSL - PHP doc says it shouldn't be used from application side; but it doesn't work anyway, no matter if I use it or not.
// In addtion, disabling server cert verification MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT
// is not supported in PHP 5.3.3
$res = $mysqli->query("SHOW STATUS LIKE 'Ssl_cipher';");
while ( $row = $res->fetch_array() ) {
print_r($row);
}
无论我尝试什么,结果都是空的密码值,这意味着连接未加密:
Array ( [0] => Ssl_cipher [Variable_name] => Ssl_cipher [1] => [Value] => )
如何解决这个问题?