search

beyondcode / herd-community

71 stars 1 forks source link

[Bug]: ProxySQL Error: Access denied for user 'XXX' (using password: YES). SSL is required #683

Open MrMooky opened 2 months ago

MrMooky commented 2 months ago

Platform

macOS

Operating system version

Sonoma 14.4.1

System architecture

ARM64 (M1, M2, etc)

Herd Version

1.6.0

PHP Version

PHP 8.2

Bug description

I'm not quite sure if this is a bug, sorry if it isn't and it's just me being stupid. Essentially, I want to connect to an external database from a local installation. When using the correct credentials, I'm getting this error:

SQLSTATE[HY000] [1045] ProxySQL Error: Access denied for user 'ABC' (using password: YES). SSL is required

This is the connection I'm using:

'mysqlMittwald' => [
    'driver' => 'mysql',
    'host' => env('MW_DB_HOST'),
    'port' => env('MW_DB_PORT', '3306'),
    'database' => env('MW_DB_DATABASE'),
    'username' => env('MW_DB_USERNAME'),
    'password' => env('MW_DB_PASSWORD', ''),
    'strict' => true,
    'engine' => null,
    'charset' => 'utf8mb4',
    'collation' => 'utf8mb4_unicode_ci',
],

I never used it before, but I think I may need to add the following in order for it to work:

'options' => [
    PDO::MYSQL_ATTR_SSL_KEY => path/to/ssl/client-key.pem,
    PDO::MYSQL_ATTR_SSL_CERT => path/to/ssl/client-cert.pem,
    PDO::MYSQL_ATTR_SSL_CA => path/to/ssl/ca-cert.pem
]

But I don't know where those are located. There is a cacert.pem in Library/Application Support/Herd/config/php which may be needed for MYSQL_ATTR_SSL_CA, but I don't think that's the right file and it kind of feels odd to use a path like that inside my app.

Steps to reproduce

No response

Relevant log output

No response

sschlein commented 1 month ago

I just want to double check if this is still an existing problem as it looks that we've missed this issue for a while and not given you any hints.

Are you sure that your .env vars are correct?

MrMooky commented 1 month ago

Yes, they are correct. I can connect via my SQL client.

mpociot commented 1 month ago

I just tried to reproduce this by creating a fresh DigitalOcean database cluster, which also requires SSL: CleanShot 2024-05-08 at 12 27 09

And I was able to connect to it without any special configuration - so this error seems to be specific to Mittwald's database hosting. Newer versions of Laravel have this setup as their options config array:

            'options' => extension_loaded('pdo_mysql') ? array_filter([
                PDO::MYSQL_ATTR_SSL_CA => env('MYSQL_ATTR_SSL_CA'),
            ]) : [],

Maybe this works for you? This way you could specify the path to the SSL_CA if needed in your .env file.

MrMooky commented 1 month ago

@mpociot I never had to use this, so what would I enter for the MYSQL_ATTR_SSL_CA variable? That was my initial question:

But I don't know where those are located. There is a cacert.pem in Library/Application Support/Herd/config/php which may be needed for MYSQL_ATTR_SSL_CA, but I don't think that's the right file and it kind of feels odd to use a path like that inside my app.

To my understanding, I need to supply a local certificate which Herd / Valet provides? 🤔