php7.0-mysql 无法使用证书连接到数据库

tag-icon tag-icon apache2 mysql php ssl
php7.0-mysql 无法使用证书连接到数据库

我有两台安装了 Ubuntu 16.04.1 LTS 的服务器,其中一台上我安装并配置了 mysql-server 以允许使用客户端证书进行身份验证。

在另一台服务器上,我按照说明安装了 apache2 和 PHP 7https://www.howtoforge.com/tutorial/install-apache-with-php-and-mysql-on-ubuntu-16-04-lamp/

我能够通过 CLI 连接到数据库:

$ mysql -u my_user --ssl-ca=ca-cert.pem --ssl-cert=client-cert.pem --ssl-key=client-key.pem -h db_host my_db
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 6
Server version: 5.7.16-0ubuntu0.16.04.1-log (Ubuntu)

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

/var/www/html 包含以下文件:

$ ls -la /var/www/html/
total 44
drwxr-xr-x 2 root root  4096 Nov 20 07:27 .
drwxr-xr-x 3 root root  4096 Nov 20 06:35 ..
-rw-r--r-- 1 root root  1931 Nov 20 06:36 ca-cert.pem
-rw-r--r-- 1 root root  1931 Nov 20 06:36 ca.pem
-rw-r--r-- 1 root root  1809 Nov 20 06:36 client-cert.pem
-rw-r--r-- 1 root root  3243 Nov 20 06:36 client-key.pem
-rw-r--r-- 1 root root 11321 Nov 20 06:35 index.html
-rw-r--r-- 1 root root  1368 Nov 20 07:27 index.php

index.php内容如下:

$ cat index.php 
<?php

ini_set ('error_reporting', E_ALL);
ini_set ('display_errors', '1');
error_reporting (E_ALL|E_STRICT);

$key = "client-key.pem";
$cert = "client-cert.pem";
$ca = "ca-cert.pem";

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$mysqli = mysqli_init();
if ( $mysqli )
{
   $mysqli->options(MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, false);
   $mysqli->ssl_set($key, $cert, $ca, NULL, NULL);
   if (! $mysqli->real_connect('db_host','my_user', '', 'my_db', 3306, NULL, MYSQLI_CLIENT_SSL))
   {
      if ($mysqli->connect_errno) 
      {
         echo "Sorry, this website is experiencing problems.";
         echo "Error: Failed to make a MySQL connection, here is why: \n";
         echo "Errno: " . $mysqli->connect_errno . "\n";
        echo "Error: " . $mysqli->connect_error . "\n";
      }
   }
}
?>

当我使用浏览器访问index.php时,出现以下错误:

Warning: mysqli::real_connect(): SSL operation failed with code 1. OpenSSL Error messages: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number in /var/www/html/index.php on line 17

Warning: mysqli::real_connect(): Cannot connect to MySQL by using SSL in /var/www/html/index.php on line 17

Warning: mysqli::real_connect(): [2002] (trying to connect via tcp://db_host:3306) in /var/www/html/index.php on line 17

Fatal error: Uncaught mysqli_sql_exception in /var/www/html/index.php:17 Stack trace: #0 /var/www/html/index.php(17): mysqli->real_connect('db_host', 'my_user', '', 'my_db', 3306, '', 2048) #1 {main} thrown in /var/www/html/index.php on line 17

有谁知道为什么我无法通过 PHP 的 MySQLi 连接而 CLI 连接工作正常?

非常感谢任何解决此问题的指示。

多谢

相关内容