Open drewwynne0 opened 2 years ago
Do you use mysqlnd or libmysql-client (see PHP info)?
mysqlnd
Just freshly installed php as working on a different machine.
[PHP Modules]
bcmath
calendar
Core
ctype
curl
date
dom
fileinfo
filter
hash
iconv
json
libxml
mbstring
mysqlnd
openssl
pcre
PDO
pdo_mysql
Phar
readline
Reflection
session
SimpleXML
SPL
standard
tokenizer
xml
xmlreader
xmlwriter
zip
zlib
Thank you! In this case, the verification is done via the SSL stream context options verify_peer
and verify_peer_name
, so this is not necessarily a mysqlnd issue. I wonder, though, how libmysql-client would behave.
I have a similar setup as mentioned above, however I am using mariaDB client and connecting to an aurora DB via RDS proxy. Unfortunately for me --ssl-mode=VERIFY_CA is NOT an option within mariaDB client so I need to find a way to use "--ssl" instead.
I just spotted this same issue on my setup. I'm using docker image of PHP 8.2.12
root@spooler-qa4-3b64c:/var/www# php -v
PHP 8.2.12 (cli) (built: Oct 28 2023 01:45:57) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.2.12, Copyright (c) Zend Technologies
with Zend OPcache v8.2.12, Copyright (c), by Zend Technologies
with ddtrace v1.1.0, Copyright Datadog, by Datadog
with datadog-profiling v1.1.0, Copyright Datadog, by Datadog
with ddappsec v1.1.0, Copyright Datadog, by Datadog
php -i
shows this
mysqlnd
mysqlnd => enabled
Version => mysqlnd 8.2.12
Loaded plugins => mysqlnd,debug_trace,auth_plugin_mysql_native_password,auth_plugin_mysql_clear_password,auth_plugin_caching_sha2_password,auth_plugin_sha256_password
API Extensions => pdo_mysql
PDO drivers => sqlite, mysql
pdo_mysql
Client API version => mysqlnd 8.2.12
I have set driver options like:
array(5) {
[1002]=>
string(39) "SET SESSION max_execution_time = 120000"
[1014]=>
int(0)
[1009]=>
string(27) "/secrets/cloudsql/client_ca"
[1008]=>
string(29) "/secrets/cloudsql/client_cert"
[1007]=>
string(28) "/secrets/cloudsql/client_key"
}
But even when PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT
is set to 0
I get this error when connecting to GCP mysql instance:
PDO::__construct(): Peer certificate CN=`xxxx-xx:xxx-xxxx' did not match expected CN=`XX.XX.XX.XX'
Is there any workaround for this?
Description
Apologies, may not be a bug but cannot seems to find anything after extensive research.
The following code:
Resulted in this output:
~~~
used for masking But I expected this output instead:There doesn't seem to be a specific way to force
--ssl-mode=VERIFY_CA
mysql cli connection works fine with this flagScenario - I am utilising AWS RDS Proxy with a Read/Write endpoint and a Read endpoint. Read/write connects fine, but when trying to connect to the read only endpoint, receive the above error, assuming that the read only is within the subdomain .endpoint.proxy- whereas the read/write is with .proxy-
PHP Version
PHP 8.1.6
Operating System
Windows 11 // Ubuntu 20.04