peachpiecompiler / peachpie

PeachPie - the PHP compiler and runtime for .NET and .NET Core
https://www.peachpie.io
Apache License 2.0

SQL Connection - Certificate Password #1062

Open StefanduPlessis opened 2 years ago

StefanduPlessis commented 2 years ago

mysqli_ssl_set does not allow the same certificates as in PHP v8.0 (being the path name to the key file, path name to the certificate file and path name to the certificate authority file). I think this is because of the base IDbConnection.

I cannot find a way to add the CertificatePassword to the connection string. The suggested mysqli_options also does not allow the password to be set; since it checks for values in the switch, it cannot be set: https://github.com/peachpiecompiler/peachpie/blob/1e47a4b9321f542ab21269dad6b9d20315e277cd/src/Peachpie.Library.MySql/MySqli/mysqli.cs#L215-L233

I've tried the suggested post, but it throws an exception with the following message:

Cannot open connection: CertificateFile should be in PKCS #12 (.pfx) format and contain both a Certificate and Private Key

Will it be possible to add the functionality to set the certificate password?

jakubmisek commented 2 years ago

Thanks, yes. Is there a way to do it in regular PHP? Or is it something you can't even do in PHP now?

StefanduPlessis commented 2 years ago

I cannot find a way to use the .pfx certificate file in PHP. We used to give it .pem files, for example:

mysqli_ssl_set($mysql, 'client-key.pem', 'client-cert.pem', 'server-ca.pem', null, null);

But this fails due to the missing key as far as I could see. It may be easier just to reimplement the Key parameter again if possible. I got around this issue in the end by just removing the password from the certificate file.

jakubmisek commented 2 years ago

ssl_set is probably implemented incorrectly in our case.

The 3rd argument is actually expected to be .pfx (which is not what PHP does): https://github.com/peachpiecompiler/peachpie/blob/1e47a4b9321f542ab21269dad6b9d20315e277cd/src/Peachpie.Library.MySql/MySqli/mysqli.cs#L343

We have to "bind" the ssl_set to the IDbConnection's ConnectionString somehow.
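
The binding discussed in this thread, as an added example that is not PeachPie's code: it folds PHP-style mysqli_ssl_set arguments into an ADO.NET connection string and routes a .pfx path through CertificateFile and CertificatePassword. It assumes the provider is MySqlConnector (the option names SslKey, SslCert, SslCa and SslMode come from its documentation); SslArgs, SslBinding and all sample values are hypothetical.

```csharp
#nullable enable
using System;
using System.Data.Common;
using System.IO;

// Hypothetical names for this example; not PeachPie types.
public sealed record SslArgs(string? Key, string? Cert, string? Ca);

public static class SslBinding
{
    // Heuristic for this example: decide by file extension only.
    static bool IsPkcs12(string path) =>
        Path.GetExtension(path).ToLowerInvariant() is ".pfx" or ".p12";

    // Folds mysqli_ssl_set()-style arguments into a connection string.
    // Assumption: the provider is MySqlConnector, which documents SslKey/SslCert/SslCa
    // for PEM files and CertificateFile/CertificatePassword for a PKCS #12 bundle.
    public static string Bind(string baseConnectionString, SslArgs ssl, string? pfxPassword = null)
    {
        // The builder quotes values, so a path containing ';' cannot smuggle in extra options.
        var csb = new DbConnectionStringBuilder { ConnectionString = baseConnectionString };

        if (ssl.Cert is { } bundle && IsPkcs12(bundle))
        {
            // One file holding certificate and private key, optionally password-protected.
            csb["CertificateFile"] = bundle;
            if (!string.IsNullOrEmpty(pfxPassword)) csb["CertificatePassword"] = pfxPassword;
        }
        else
        {
            // PHP convention: separate PEM files for the key and the certificate.
            if (ssl.Key is { } key) csb["SslKey"] = key;
            if (ssl.Cert is { } cert) csb["SslCert"] = cert;
        }
        // Policy choice of this example: a supplied CA means the server certificate is verified.
        if (ssl.Ca is { } ca) csb["SslCa"] = ca;
        csb["SslMode"] = ssl.Ca is null ? "Required" : "VerifyCA";
        return csb.ConnectionString;
    }

    public static void Main()
    {
        // Constructed host, paths and password; a real password belongs in a secret store.
        var pem = new SslArgs("client-key.pem", "client-cert.pem", "server-ca.pem");
        Console.WriteLine(Bind("Server=db.example.test;User ID=app", pem));
        var pfx = new SslArgs(null, "client.pfx", "server-ca.pem");
        Console.WriteLine(Bind("Server=db.example.test;User ID=app", pfx, "constructed-password"));
    }
}
```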