1

I'm trying to set up an SSL connection between two servers (Laravel and MySQL 8). The options in database.php for this connection are:

'db_connection' => [
    'driver' => 'mysql',
    'host' => '192.168.0.1',
    'port' => '3306',
    'database' => 'my_db',
    'username' => 'my_user',
    'password' => 'my_password',
    'charset' => 'utf8mb4',
    'collation' => 'utf8mb4_unicode_ci',
    'prefix_indexes' => true,
    'strict' => true,
    'engine' => null,
    'options' => extension_loaded('pdo_mysql') ? array_filter([
        PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false,
        PDO::MYSQL_ATTR_SSL_CA => '/path/ca.pem',
        PDO::MYSQL_ATTR_SSL_KEY => '/path/client-key.pem',
        PDO::MYSQL_ATTR_SSL_CERT => '/path/client-cert.pem',
    ]) : [],
],

Now even though I set MYSQL_ATTR_SSL_VERIFY_SERVER_CERT to false but I still get this error:

PDO::__construct(): Peer certificate CN=`MySQL_Server_8.0.xx_Auto_Generated_Server_Certificate' did not match expected CN=`192.168.0.1'

I also tried to remove MYSQL_ATTR_SSL_CA But then I get this error:

SQLSTATE[HY000] [3159] Connections using insecure transport are prohibited while --require_secure_transport=ON.

I even tried to set MYSQL_ATTR_SSL_CA to '/dev/null' but I get this error:

failed loading cafile stream: `/dev/null'

It seems MYSQL_ATTR_SSL_VERIFY_SERVER_CERT is not working at all. How can I resolve my issue and disable SSL certification verification in Laravel?

Thanks.

Sky
  • 4,244
  • 7
  • 54
  • 83
  • Does this answer your question? [php 5.x 7.x, ssl pdo error: Peer certificate CN=\`someName' did not match expected CN='someIP'](https://stackoverflow.com/questions/38719607/php-5-x-7-x-ssl-pdo-error-peer-certificate-cn-somename-did-not-match-expecte) – Nico Haase Nov 22 '21 at 11:01
  • @NicoHaase Hi Nico. If I add `MySQL_Server_8.0.xx_Auto_Generated_Server_Certificate` to my `/etc/hosts` file pointing to `192.168.0.1` the problem will be solved. But I prefer not to change my hosts file. I want to know why `MYSQL_ATTR_SSL_VERIFY_SERVER_CERT` is not working as expected. – Sky Nov 22 '21 at 11:13

1 Answers1

2

I see 2 options to solve it:

A) Remove array_filter (by default removes all keys with value==false) from

'options' => extension_loaded('pdo_mysql') ? array_filter([

OR

B) change options to:

'options' => extension_loaded('pdo_mysql') ? array_filter([
        PDO::MYSQL_ATTR_SSL_CA => '/path/ca.pem',
        PDO::MYSQL_ATTR_SSL_KEY => '/path/client-key.pem',
        PDO::MYSQL_ATTR_SSL_CERT => '/path/client-cert.pem',
    ]) + [PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false,] : [],
goSMARTER
  • 21
  • 3