脚本宝典收集整理的这篇文章主要介绍了php – MYSQLi和ssl连接到数据库服务器,脚本宝典觉得挺不错的,现在分享给大家,也给大家做个参考。
所以我试图使用mysql命令从webserver连接:
MysqL -h 10.1.1.1 -uroot -p Password Welcome to the MysqL monITor. Commands end with ; or \g. Your MysqL connection id is 71 Server version: 5.5.5-10.1.19-MariaDB MariaDB Server Copyright (c) 2000,2016,oracle and/or its affiliates. All rights reserved. Oracle is a registered Trademark of Oracle Corporation and/or its affiliates. Other names may be Trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MysqL>
所以现在我想看看它是否真的是ssl:
MysqL> status; -------------- MysqL Ver 14.14 Distrib 5.6.33,for Linux (x86_64) using EditLine wrapper Connection id: 71 Current database: Current user: root@10.1.1.2 SSL: Cipher in use is DHE-RSA-AES256-sHA Current pager: stdout Using outfile: '' Using delimiter: ; Server version: 5.5.5-10.1.19-MariaDB MariaDB Server PRotocol version: 10 Connection: 10.1.1.1 via TCP/IP Server characterset: latin1 Db characterset: latin1 Client characterset: utf8 Conn. characterset: utf8 TCP port: 3306 Uptime: 1 hour 6 min 51 sec Threads: 1 Questions: 153 Slow queries: 0 Opens: 21 Flush tables: 1 Open tables: 15 Queries per second avg: 0.038 -------------- MysqL>
所以我看到建立了连接.我写了一些PHP脚本来连接我的数据库:
<?PHP ini_set ('error_reporting',E_ALL); ini_set ('display_errors','1'); error_reporting (E_ALL|E_STRICT); $db = MysqLi_init(); MysqLi_options ($db,MysqLI_OPT_SSL_VERIFY_SERVER_CERT,true); $db->ssl_set('/etc/MysqL/newcerts/client-key-rsa.pem','/etc/MysqL/newcerts/client-cert.pem','/etc/MysqL/newcerts/ca-cert.pem',NULL,NULL); $link = MysqLi_real_connect ($db,'10.1.1.1','root','xxxxxx','MysqL',3306,MysqLI_CLIENT_SSL); if (!$link) { die ('Connect error (' . MysqLi_connect_errno() . '): ' . MysqLi_connect_error() . "\n"); } else { $res = $db->query('SHOW TABLES;'); print_r ($res); $db->close(); } ?>
但是现在当我在我的网络服务器上运行这个脚本时,我收到了这个错误:
[root@web-01 config]# PHP test.PHP Warning: MysqLi_real_connect(): Unable to locate peer certificate CN in /home/extranet/app/config/test.PHP on line 10 Warning: MysqLi_real_connect(): Cannot connect to MysqL by using SSL in /home/extranet/app/config/test.PHP on line 10 Warning: MysqLi_real_connect(): [2002] (trying to connect via tcp://10.1.1.1:3306) in /home/extranet/app/config/test.PHP on line 10 Warning: MysqLi_real_connect(): (HY000/2002): in /home/extranet/app/config/test.PHP on line 10 Connect error (2002):
这太奇怪了.我试过MysqL_connet(),它有效……
有任何想法吗 ??
我使用的是PHP 5.6.25
编辑:
当然,我还在我的网络服务器.my.cnf@L_126_50@中添加了一行:
[client] port=3306 ssl-ca=/etc/MysqL/newcerts/ca-cert.pem ssl-cert=/etc/MysqL/newcerts/client-cert.pem ssl-key=/etc/MysqL/newcerts/client-key-rsa.pem
从webserver命令行也可以正常工作:
MysqL -h 10.1.1.1 -u root --password \ --ssl \ --ssl-ca /etc/MysqL/newcerts/ca-cert.pem \ --ssl-cert /etc/MysqL/newcerts/client-cert.pem \ --ssl-key /etc/MysqL/newcerts/client-key-rsa.pem \
证书用户/组/权限
[root@web-01 newcerts]# ls -alZ drwxr-xr-x root root ? . drwxr-xr-x root root ? .. -rw-r--r-- root root ? ca-cert.pem -rw-r--r-- root root ? ca-key.pem -rw-r--r-- root root ? client-cert.pem -rw-r--r-- root root ? client-key.pem -rw-r--r-- root root ? client-key-rsa.pem -rw-r--r-- root root ? client-req.pem -rw-r--r-- root root ? server-cert.pem -rw-r--r-- root root ? server-key.pem -rw-r--r-- root root ? server-req.pem
SELinux被禁用:
# This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled # SELINUXTYPE= can take one of these two values: # targeted - Targeted processes are protected,# minimum - Modification of targeted policy. Only selected processes are protected. # MLs - Multi Level Security protection. SELINUXTYPE=targeted
以上是脚本宝典为你收集整理的php – MYSQLi和ssl连接到数据库服务器全部内容,希望文章能够帮你解决php – MYSQLi和ssl连接到数据库服务器所遇到的问题。
本图文内容来源于网友网络收集整理提供,作为学习参考使用,版权属于原作者。
如您有任何意见或建议可联系处理。小编QQ:384754419,请注明来意。