Edit report at https://bugs.php.net/bug.php?id=55283&edit=1
ID:                 55283
Comment by:         spam2 at rhsoft dot net
Reported by:        aleksey at wepay dot com
Summary:            SSL options set by mysqli_ssl_set ignored for MySQLi persistent connections
Status:             Verified
Type:               Bug
Package:            MySQLi related
Operating System:   Cent OS
PHP Version:        5.3.6
Assigned To:        mysql
Block user comment: N
Private report:     N

New Comment:

well i guess this change results in connections hanging around and after a huge timeout filling my mailbox with cron-mails since upgraded to 5.3.7 using MYSQLND

so "Changing mysqli to make libmysql happy will cause leaks with mysqlnd" seems to be true -> but why done this change if knowing it?

mysqlnd 5.0.8-dev - 20102224 - $Revision: 310735 $

without ssl_set() all works fine but unencrypted

how can i revert this change for the 5.3.7-final.tar.bz2?
___________

MySQL server has gone away

$this->ssl_key = '/etc/mysql-ssl/client.pem';
$this->ssl_crt = '/etc/mysql-ssl/client.pem';
$this->ssl_ca  = '/etc/mysql-ssl/ca.crt';
$this->conn->ssl_set($this->ssl_key, $this->ssl_crt, $this->ssl_ca, NULL, NULL);


Previous Comments:
------------------------------------------------------------------------
[2011-08-05 13:39:28] and...@php.net

Automatic comment from SVN on behalf of andrey
Revision: http://svn.php.net/viewvc/?view=revision&revision=314330
Log: Fix for bug #55283 SSL options set by mysqli_ssl_set ignored for MySQLi persistent connections

------------------------------------------------------------------------
[2011-08-05 13:17:59] u...@php.net

The actual issue here is in mysqlnd (or in the mysqli user API, however you put it :-)): if using mysqli_init() to create a connection object we don't yet know if it needs to be persistent or not. mysqli was changed to meet the needs of mysqlnd. Unfortunately, this has an unforeseen side-effect on mysqli @ libmysql [@ SSL].

Changing mysqli to make libmysql happy will cause leaks with mysqlnd. This needs some think time.

------------------------------------------------------------------------
[2011-08-05 11:53:47] u...@php.net

Reproducible with PHP 5.3.7RC4-dev (cli) (built: Jul 26 2011 17:35:20) (DEBUG) using *libmysql* to connect to 5.1.45-debug-log

Configure Command => './configure' '--with-mysql=mysqlnd' '--with-mysqli=/usr/local/mysql/bin/mysql_config' '--with-pdo-mysql=/usr/local/mysql/bin/mysql_config' '--enable-debug' '--enable-maintainer-zts' '--enable-mysqlnd-ms' '--enable-mysqlenterprise' '--enable-mysqlnd-uh' '--enable-pcntl'

nixnutz@linux-fuxh:~/php/php-src/branches/PHP_5_3> sapi/cli/php bar.php
array(2) {
  [0]=>
  string(10) "Ssl_cipher"
  [1]=>
  string(18) "DHE-RSA-AES256-SHA"
}
array(2) {
  [0]=>
  string(10) "Ssl_cipher"
  [1]=>
  string(7) "RC4-MD5"
}

------------------------------------------------------------------------
[2011-07-26 00:25:00] aleksey at wepay dot com

Please note that while the example shows the problem with the cipher, all other parameters are also ignored. In particular, ssl cert info is critical.

------------------------------------------------------------------------
[2011-07-26 00:20:58] aleksey at wepay dot com

Description:
------------
The MySQLi ignores SSL options set with mysqli_ssl_set() for persistent connections (works fine for non-persistent connections).

To reproduce:
1) Configure MySQL server with SSL support (http://dev.mysql.com/doc/refman/5.0/en/secure-connections.html)
2) Run the attached test script

Test script:
---------------
<?
$host = 'localhost';
$user = 'root';
$pass = '';
$db = null;
$port = 3306;
$flags = MYSQLI_CLIENT_SSL;

/* persistent connection */
$link = mysqli_init();
mysqli_ssl_set($link, null, null, null, null, "RC4-MD5");
if (mysqli_real_connect($link, 'p:' . $host, $user, $pass, $db, $port, null, $flags)) {
    $r = $link->query("SHOW STATUS LIKE 'Ssl_cipher'");
    var_dump($r->fetch_row());
}

/* non-persistent connection */
$link = mysqli_init();
mysqli_ssl_set($link, null, null, null, null, "RC4-MD5");
if (mysqli_real_connect($link, $host, $user, $pass, $db, $port, null, $flags)) {
    $r = $link->query("SHOW STATUS LIKE 'Ssl_cipher'");
    var_dump($r->fetch_row());
}

Expected result:
----------------
array(2) {
  [0]=>
  string(10) "Ssl_cipher"
  [1]=>
  string(18) "RC4-MD5"
}
array(2) {
  [0]=>
  string(10) "Ssl_cipher"
  [1]=>
  string(7) "RC4-MD5"
}

Actual result:
--------------
array(2) {
  [0]=>
  string(10) "Ssl_cipher"
  [1]=>
  string(18) "DHE-RSA-AES256-SHA"
}
array(2) {
  [0]=>
  string(10) "Ssl_cipher"
  [1]=>
  string(7) "RC4-MD5"
}

------------------------------------------------------------------------
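
The check the test script does by hand, turned into a fail-closed guard, as an added example (not code from the report or from the PHP project): it compares the negotiated `Ssl_cipher` with the cipher list the application passed to mysqli_ssl_set(). The function names are hypothetical, and the check covers the cipher only, not the key, certificate or CA options.

```php
<?php
// Added example; function names are hypothetical, not part of mysqli.

/**
 * Decide whether a row from SHOW STATUS LIKE 'Ssl_cipher' matches the
 * cipher list the application requested via mysqli_ssl_set().
 */
function cipherRowIsAcceptable(?array $row, array $allowedCiphers): bool
{
    // No row, or an empty value, means the session is not using SSL at all.
    if (!$row || !isset($row[1]) || $row[1] === '') {
        return false;
    }
    return in_array($row[1], $allowedCiphers, true);
}

/**
 * Run the check on a live link and fail closed. Call it every time a link
 * is obtained, because a persistent ('p:') link may have been reused.
 */
function requireNegotiatedCipher(mysqli $link, array $allowedCiphers): void
{
    $result = $link->query("SHOW STATUS LIKE 'Ssl_cipher'");
    $row = $result ? ($result->fetch_row() ?: null) : null;
    if (!cipherRowIsAcceptable($row, $allowedCiphers)) {
        $link->close();
        throw new RuntimeException(
            'SSL settings not applied; negotiated cipher: ' . ($row[1] ?? '(none)')
        );
    }
}

// The first two rows are the "Actual result" from the report, where the
// script requested RC4-MD5; the third row is constructed for illustration.
$requested = ['RC4-MD5'];
$samples = [
    'persistent'           => ['Ssl_cipher', 'DHE-RSA-AES256-SHA'],
    'non-persistent'       => ['Ssl_cipher', 'RC4-MD5'],
    'no SSL (constructed)' => ['Ssl_cipher', ''],
];
foreach ($samples as $label => $row) {
    printf("%-22s %s\n", $label, cipherRowIsAcceptable($row, $requested) ? 'ok' : 'REJECT');
}
```

The demonstration loop runs without a server; requireNegotiatedCipher() is the part to call right after mysqli_real_connect() returns.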