PHP, MySQLi and SSL

[willfitch]

Hey All,

 

I am having issues getting the MySQLi extension to connect to a SSL enabled MySQL server.  As soon as I specify the MYSQLI_CLIENT_SSL flag on the real_connect, it hangs forever.

 

The connection is being made.  If I issue a SHOW PROCESSLIST on the MySQL server, I can see the user attempting to authenticate, but it never goes beyond that.

 

Neither one of these work:

<?php
// Instantiate object
$mysqli = new mysqli( );
//Call the init method to allow setting of options
$mysqli->init( );
$host = 'hostname.tld';
$username = 'ssluser';
$password = 'password';
$dbname = 'db';
$port = 3309;
$socket = null;
// Set a new config file, disallow LOAD LOCAL INFILE and set the timeout to 600 seconds
$mysqli->options(MYSQLI_READ_DEFAULT_FILE, '/home/user/ssl/mynew.cnf');
$mysqli->options(MYSQLI_OPT_LOCAL_INFILE, false);
$mysqli->options(MYSQLI_OPT_CONNECT_TIMEOUT, 600);
// Connect with the above options, as well as SSL
if (!$mysqli->real_connect($host,$username,$password,$dbname,$port,$socket,MYSQLI_CLIENT_SSL)) {
    $mysqli->close();
    exit();
}

 

or

 

<?php
/* create a connection object which is not connected */
$mysqli = new mysqli();
$mysqli->init();
$mysqli->ssl_set("/home/user/ssl/client-key.pem","/home/user/ssl/client-cert.pem","/home/user/ssl/ca-cert.pem","/home/user/ssl",null);
/* set connection options */
$mysqli->options(MYSQLI_INIT_COMMAND, "SET AUTOCOMMIT=0");
$mysqli->options(MYSQLI_OPT_CONNECT_TIMEOUT, 5);


/* connect to server */
$mysqli->real_connect('host.tld', 'ssluser', 'password','db',3309,null,MYSQLI_CLIENT_SSL);
/* Select queries return a resultset */

$mysqli->close();
?>

 

I can successfully connect to this same server using the mysql client with the same server that the PHP script is running on.  I know the issue is not hostname resolution or certificate related.

 

Any help would be appreciated.