How does SSL support work in PHP PDO (MySQL)?

I am familiar with public / private key conversations implemented in HTTPS, so the following driver parameters are confusing to me, which are clearly available (although not officially documented) for the MySQL PDO driver:

PDO::MYSQL_ATTR_SSL_KEY
PDO::MYSQL_ATTR_SSL_CERT
PDO::MYSQL_ATTR_SSL_CA

The link indicates that they point to files stored locally, but why is a copy of anything other than the CA certificate stored on the client? Has anyone successfully made an encrypted connection using this method?

1 answer

These are for client certificates, which a client must have in order to be able to connect to the server; that is, the client must verify its identity (yes, SSL can also work the other way around). Start by reading the general section Using SSL for Secure Connections, then review REQUIRE in the GRANT syntax:

  • REQUIRE X509 means that the client must have a valid certificate, but the exact certificate, issuer and entity do not matter. The only requirement is that it is possible to verify its signature with one of the CA certificates.

  • REQUIRE ISSUER 'issuer' places a restriction on connection attempts so that the client must provide a valid X509 certificate issued by CA 'issuer'. If the client presents a certificate that is valid but has a different issuer, the server rejects the connection. Using X509 certificates always implies encryption, so in this case, the SSL option is not needed.

  • ...

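A client-side sketch of what the answer describes, added here as an example and not code from the question or the answer: it passes the three driver options from the question and then checks that the session really is encrypted. The host, database, account name and file paths are placeholders, and the account is assumed to have been created with REQUIRE X509.

```php
<?php
// Added example; host, database, account and file paths are placeholders.
// Assumed server-side account (see REQUIRE in the GRANT syntax above):
//   GRANT SELECT ON appdb.* TO 'app'@'%' REQUIRE X509;

function sslOptions(string $ca, string $cert, string $key): array
{
    foreach ([$ca, $cert, $key] as $file) {
        if (!is_readable($file)) {
            throw new RuntimeException("Cannot read TLS file: $file");
        }
    }
    // The private key is what proves the client's identity; keep it owner-only.
    if ((fileperms($key) & 0077) !== 0) {
        throw new RuntimeException("Private key $key is accessible to group/other");
    }
    return [
        PDO::MYSQL_ATTR_SSL_CA   => $ca,   // CA certificate used to check the server's certificate
        PDO::MYSQL_ATTR_SSL_CERT => $cert, // client certificate presented to the server
        PDO::MYSQL_ATTR_SSL_KEY  => $key,  // private key matching the client certificate
        PDO::ATTR_ERRMODE        => PDO::ERRMODE_EXCEPTION,
    ];
}

function connectWithClientCert(string $dsn, string $user, string $pass, array $options): PDO
{
    $pdo = new PDO($dsn, $user, $pass, $options);
    // Ssl_cipher is empty when the session fell back to plaintext.
    $row = $pdo->query("SHOW SESSION STATUS LIKE 'Ssl_cipher'")->fetch(PDO::FETCH_ASSOC);
    if ($row === false || $row['Value'] === '') {
        throw new RuntimeException('Connection is not encrypted');
    }
    return $pdo;
}

try {
    $options = sslOptions(
        '/etc/mysql-client/ca.pem',          // placeholder path
        '/etc/mysql-client/client-cert.pem', // placeholder path
        '/etc/mysql-client/client-key.pem'   // placeholder path
    );
    $dsn = 'mysql:host=db.example.internal;dbname=appdb'; // placeholder host and schema
    connectWithClientCert($dsn, 'app', getenv('DB_PASS') ?: '', $options);
    echo "Encrypted connection established\n";
} catch (Throwable $e) {
    fwrite(STDERR, $e->getMessage() . "\n");
    exit(1);
}
```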

Source: https://habr.com/ru/post/1393011/

