Newsgroups: php.internals
Message-ID: <4E54B6E1.5030801@hristov.com>
Date: Wed, 24 Aug 2011 10:31:29 +0200
To: Pierre Joye
CC: Scott MacVicar, Reindl Harald, Mailing-List php
Subject: Re: [PHP-DEV] 5.3.7 is breaking SSL
From: php@hristov.com (Andrey Hristov)

Hi,
it's pretty simple, once you have a MySQL server running with enabled SSL.
You can use the following three files to set your MySQL
http://hristov.com/mysql_certs/server-key.pem
http://hristov.com/mysql_certs/server-cert.pem
http://hristov.com/mysql_certs/cacert.pem

[mysqld]
ssl-capath=/path/to/certs
ssl-ca=/path/to/certs/cacert.pem
ssl-cert=/path/to/certs/server-cert.pem
ssl-key=/path/to/certs/server-key.pem

Then on the client side:

./php -r '$flags=MYSQLI_CLIENT_SSL; $c = mysqli_init(); $c->real_connect("127.0.0.1", "root", "root", "test", 3306, null, $flags);'

leads to a hang during authentication. The server has sent 11 bytes, the
client reads 4 of them and knows that it should read an additional 7, because
of the information in the 4 bytes. The read of the 7 bytes hangs.
I tried to debug this with ssldump with no success.

Best,
Andrey

On 08/23/2011 07:32 PM, Pierre Joye wrote:
> also check with Andrey, he spent a fair amount of time around this issue.
>
> On Tue, Aug 23, 2011 at 7:21 PM, Scott MacVicar wrote:
>> On Aug 17, 2011, at 5:50 PM, Reindl Harald wrote:
>>
>>> well i guess it is the change below this results in connections in hanging
>>> around and after a huge timeout filling my mailbox with cron-mails:
>>>
>>> mysqlnd 5.0.8-dev - 20102224 - $Revision: 310735 $
>>>
>>> without ssl_set() all works fine but unencrypted :-(
>>> ___________
>>>
>>> MySQL server has gone away
>>>
>>> $this->ssl_key = '/etc/mysql-ssl/client.pem';
>>> $this->ssl_crt = '/etc/mysql-ssl/client.pem';
>>> $this->ssl_ca  = '/etc/mysql-ssl/ca.crt';
>>>
>>> $>conn->ssl_set($this->ssl_key, $this->ssl_crt, $this->ssl_ca, NULL, NULL);
>>> ___________
>>>
>>> https://bugs.php.net/bug.php?id=55283
>>>
>>> - MySQLi extension:
>>>   . Fixed bug #55283 (SSL options set by mysqli_ssl_set ignored for MySQLi
>>>     persistent connections). (Andrey)
>>
>> Do you have a full script I can use to look at? Do you set a mysql timeout?
>>
>> - Scott
>>
>> --
>> PHP Internals - PHP Runtime Development Mailing List
>> To unsubscribe, visit: http://www.php.net/unsub.php
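
Added example, not part of the thread and not mysqlnd's code: the "read 4 bytes, then read the length they announce" pattern described above, with the second read bounded by a timeout so a stall is reported instead of hanging a cron job. It assumes the 4 bytes are the standard MySQL packet header (3-byte little-endian payload length plus 1-byte sequence id), uses constructed bytes over a plaintext local socket pair rather than TLS, and simulates the stall by withholding bytes; all function names are hypothetical.

```python
import socket

HEADER_LEN = 4  # assumption: 3-byte little-endian payload length + 1-byte sequence id

# Constructed 11-byte frame: 4-byte header announcing 7 payload bytes, sequence id 2.
CONSTRUCTED_FRAME = bytes([0x07, 0x00, 0x00, 0x02]) + b"\x00\x00\x00\x02\x00\x00\x00"


def parse_header(header):
    """Return (payload_length, sequence_id) from a 4-byte packet header."""
    if len(header) != HEADER_LEN:
        raise ValueError("header must be exactly 4 bytes")
    length = header[0] | (header[1] << 8) | (header[2] << 16)
    return length, header[3]


def read_exact(sock, n):
    """Read exactly n bytes; recv() may return fewer, so loop until done."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed after %d of %d bytes" % (len(buf), n))
        buf += chunk
    return bytes(buf)


def read_packet(sock, timeout=0.5):
    """Read one framed packet; report a stalled payload read instead of blocking."""
    sock.settimeout(timeout)
    length, seq = parse_header(read_exact(sock, HEADER_LEN))
    try:
        payload = read_exact(sock, length)
    except socket.timeout:
        return {"status": "stalled", "expected": length, "seq": seq}
    return {"status": "ok", "seq": seq, "payload": payload}


def demo(frame):
    """Send constructed bytes over a local socket pair and read them as one packet."""
    server, client = socket.socketpair()
    try:
        server.sendall(frame)
        return read_packet(client)
    finally:
        server.close()
        client.close()


if __name__ == "__main__":
    print(demo(CONSTRUCTED_FRAME))      # complete frame
    print(demo(CONSTRUCTED_FRAME[:7]))  # header plus only 3 of the 7 payload bytes
```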