[Bug] PHP 8.2 and 8.3 breaks the SSL connection to Matomo's database

[atom-box]

What happened?

The config file and certificate work fine for PHP 8.1. But as soon as PHP 8.2 or 8.3 are implemented the following error is thrown

[PDOException]
PDO::__construct(): Unable to set local cert chain file `/run/secrets/mysql
/tls.crt'; Check that your cafile/capath settings include details of your certificate and its issuer

See more below.

What should happen?

SSL cert should be found when connecting to db with PHP 8.2.

How can this be reproduced?

To reproduce the problem:

1. Update to either PHP to 8.2 or 8.3*
2. Matomo will fail to connect to the database; it breaks Matomo**
3. Roll back to PHP 8.1***
4. Matomo works normally

PHP 8.2-fpm-alpine or PHP 8.3.8-fpm-alpine The error is [PDOException] PDO::__construct(): Unable to set local cert chain file `/run/secrets/mysql /tls.crt'; Check that your cafile/capath settings include details of your certificate and its issuer But the config file is fine when using PHP 8.1. Php 8.1.15-fpm-alpine

Matomo version

5.1.0

PHP version

No response

Server operating system

https://github.com/matomo-org/docker/blob/master/fpm-alpine/Dockerfile

What browsers are you seeing the problem on?

No response

Computer operating system

Alpine Linux

Relevant log output

ERROR     [2024-07-02 12:54:15] 12  There was an error while regenerating container releases: /var/www/html/libs/Zend/Db/Adapter/Pdo/Abstract.php(144): SQLSTATE[HY000] [2002] Cannot connect to MySQL using SSL [Query: , CLI mode: 1]
Done
Error: error or warning logs detected, exit 1
+ /var/www/html/console custom-matomo-js:update
ERROR     [2024-07-02 12:54:16] 19  Uncaught exception: /var/www/html/libs/Zend/Db/Adapter/Pdo/Abstract.php(144): SQLSTATE[HY000] [2002] Cannot connect to MySQL using SSL [Query: , CLI mode: 1]

In Abstract.php line 144:                                                          
  SQLSTATE[HY000] [2002] Cannot connect to MySQL using SSL  

In Abstract.php line 124:                     
  SQLSTATE[HY000] [2002] Cannot connect to MySQL using SSL  

In Abstract.php line 124:                   
  PDO::__construct(): Unable to set local cert chain file `/run/secrets/mysql  
  /tls.crt'; Check that your cafile/capath settings include details of your c  
  ertificate and its issuer

Validations

• [X] Read our Contributing Guidelines.
• [X] Follow our Security Policy.
• [X] Check that there isn't already an issue that reports the same bug to avoid creating duplicates.
• [X] The provided steps to reproduce is a minimal reproducible of the Bug.

[atom-box]

Reminder: this is happening on PHP 8.2-fpm-alpine, and not on PHP 8.1-fpm-alpine https://github.com/matomo-org/docker/blob/master/fpm-alpine/Dockerfile

And it is not happening on the PHP 8.2 that the rest of us are using.

[michalkleiner]

I wonder if this is an error specific to the Matomo docker image. Has someone reproduced this outside of that docker image?

[atom-box]

Does the following make a difference?

The error mentions mysql.cnf which is related to MySQL instance and not Matomo.

In Abstract.php line 124:
[PDOException]
PDO::__construct(): Unable to set local cert chain file `/run/secrets/mysql
/tls.crt'; Check that your cafile/capath settings include details of your certificate and its issuer

[michalkleiner]

Since this error is related to the docker image that is not officially supported by Matomo, someone can either keep troubleshooting it or we can move the issue to the Matomo Docker repository. It most likely is caused by some differences in how the Docker images for newer versions of Matomo (and PHP) are created, perhaps based on a different version of the base system etc. There can be a number of reasons, but I doubt the problem would be with Matomo (the application) itself.

[atom-box]

I reconstituted this as a Docker issue:

[Bug] PHP 8.2 and 8.3 breaks the SSL connection to the SQL database