3
我有一些奇怪的问题,建立使用PHP的SSL连接。 我有网络和数据库服务器。在两者上我都通过openssl生成了证书。他们完全一样。MYSQLi和SSL连接到数据库服务器
所以我想用mysql命令从Web服务器连接:
mysql -h 10.1.1.1 -uroot -p
Password
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 71
Server version: 5.5.5-10.1.19-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
所以现在我想看看它是否真的是SSL:
mysql> status;
--------------
mysql Ver 14.14 Distrib 5.6.33, for Linux (x86_64) using EditLine wrapper
Connection id: 71
Current database:
Current user: [email protected]
SSL: Cipher in use is DHE-RSA-AES256-SHA
Current pager: stdout
Using outfile: ''
Using delimiter: ;
Server version: 5.5.5-10.1.19-MariaDB MariaDB Server
Protocol version: 10
Connection: 10.1.1.1 via TCP/IP
Server characterset: latin1
Db characterset: latin1
Client characterset: utf8
Conn. characterset: utf8
TCP port: 3306
Uptime: 1 hour 6 min 51 sec
Threads: 1 Questions: 153 Slow queries: 0 Opens: 21 Flush tables: 1 Open tables: 15 Queries per second avg: 0.038
--------------
mysql>
所以我看到连接已建立。我写了一些PHP脚本连接到我的数据库:
<?php
ini_set ('error_reporting', E_ALL);
ini_set ('display_errors', '1');
error_reporting (E_ALL|E_STRICT);
$db = mysqli_init();
mysqli_options ($db, MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, true);
$db->ssl_set('/etc/mysql/newcerts/client-key-rsa.pem', '/etc/mysql/newcerts/client-cert.pem', '/etc/mysql/newcerts/ca-cert.pem', NULL, NULL);
$link = mysqli_real_connect ($db, '10.1.1.1', 'root', 'xxxxxx', 'mysql', 3306, NULL, MYSQLI_CLIENT_SSL);
if (!$link)
{
die ('Connect error (' . mysqli_connect_errno() . '): ' . mysqli_connect_error() . "\n");
} else {
$res = $db->query('SHOW TABLES;');
print_r ($res);
$db->close();
}
?>
但现在当我跑步时我的web服务器我得到这个错误该脚本:
[[email protected] config]# php test.php
Warning: mysqli_real_connect(): Unable to locate peer certificate CN in /home/extranet/app/config/test.php on line 10
Warning: mysqli_real_connect(): Cannot connect to MySQL by using SSL in /home/extranet/app/config/test.php on line 10
Warning: mysqli_real_connect(): [2002] (trying to connect via tcp://10.1.1.1:3306) in /home/extranet/app/config/test.php on line 10
Warning: mysqli_real_connect(): (HY000/2002): in /home/extranet/app/config/test.php on line 10
Connect error (2002):
这太奇怪。我试过mysql_connet(),它的工作原理...
任何想法??
我使用PHP 25年6月5日
编辑: 我当然也加入行我的网络服务器.my.cnf文件:
[client]
port=3306
ssl-ca=/etc/mysql/newcerts/ca-cert.pem
ssl-cert=/etc/mysql/newcerts/client-cert.pem
ssl-key=/etc/mysql/newcerts/client-key-rsa.pem
能正常工作,以及从网络服务器命令行:
mysql -h 10.1.1.1 -u root --password \
--ssl \
--ssl-ca /etc/mysql/newcerts/ca-cert.pem \
--ssl-cert /etc/mysql/newcerts/client-cert.pem \
--ssl-key /etc/mysql/newcerts/client-key-rsa.pem \
证书的用户/组/权限
[[email protected] newcerts]# ls -alZ
drwxr-xr-x root root ? .
drwxr-xr-x root root ? ..
-rw-r--r-- root root ? ca-cert.pem
-rw-r--r-- root root ? ca-key.pem
-rw-r--r-- root root ? client-cert.pem
-rw-r--r-- root root ? client-key.pem
-rw-r--r-- root root ? client-key-rsa.pem
-rw-r--r-- root root ? client-req.pem
-rw-r--r-- root root ? server-cert.pem
-rw-r--r-- root root ? server-key.pem
-rw-r--r-- root root ? server-req.pem
的SELinux被禁用:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
由于错误状态“无法找到对等证书CN”,您可以在证书上签名吗? 'openssl x509 -in * cert.pem -text -noout' –