MySQLi and SSL connections

In the MySQLi driver, there's a version check when attempting a connection with SSL:
https://github.com/bcit-ci/CodeIgniter/b...r.php#L207

(also in develop: https://github.com/bcit-ci/CodeIgniter/b...r.php#L207 )

PHP Code:
// Prior to version 5.7.3, MySQL silently downgrades to an unencrypted connection if SSL setup fails
if (
    ($client_flags & MYSQLI_CLIENT_SSL)
    && version_compare($this->_mysqli->client_info, '5.7.3', '<=')
    && empty($this->_mysqli->query("SHOW STATUS LIKE 'ssl_cipher'")->fetch_object()->Value)
)


After a little testing, I believe this check is incorrect (it's not particularly dangerous, as I believe this version_compare() call will return true in most environments, but that does mean the query() will run when it doesn't need to).

I believe that the MySQL version referenced in the comment is the version of the MySQL server. The referenced change is also mentioned in the MySQL documentation: http://dev.mysql.com/doc/refman/5.7/en/s...eneral_ssl

$this->_mysqli->client_info returns the version of the PHP MySQLi client, which does not share version numbers with the MySQL database. I believe the version numbers referenced in the MySQL documentation are specific to the MySQL Server to which you are connecting, and the version number of the PHP MySQLi client does not have any impact on the behavior described. The default version numbers for the mysqlnd client in PHP 5.x are listed here: http://php.net/manual/en/mysqlnd.plugin.obtaining.php

In my PHP 7 installation, the mysqlnd client version is 5.0.12.

I didn't have any luck finding the client version numbers for libmysqlclient. The default clients used for 5.x versions of PHP's MySQLi extension are listed here: http://php.net/manual/en/mysqli.installation.php

It seems likely that the code should be changed to:

PHP Code:
// Prior to version 5.7.3, MySQL silently downgrades to an unencrypted connection if SSL setup fails
if (
    ($client_flags & MYSQLI_CLIENT_SSL)
    && version_compare($this->_mysqli->server_info, '5.7.3', '<=')
    && empty($this->_mysqli->query("SHOW STATUS LIKE 'ssl_cipher'")->fetch_object()->Value)
)

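As an added example (not part of the original post and not CodeIgniter's code), the PHP below applies the version gate from the post to a constructed mysqlnd-style client string and to constructed server version strings, and includes a fail-closed cipher check that does not depend on either version. The function names, the constant name and all sample values are assumptions made for illustration.

```php
<?php
// Added example: not CodeIgniter code. Function names are hypothetical.

const DOWNGRADE_VERSION = '5.7.3'; // version named in the driver comment

// The post's proposed gate: run the extra query only when SSL was requested
// and the given version string is <= 5.7.3 (operator kept as in the post).
function needs_cipher_check(int $client_flags, string $version): bool
{
    // 2048 is the value of MYSQLI_CLIENT_SSL, used if ext/mysqli is not loaded.
    $ssl = defined('MYSQLI_CLIENT_SSL') ? MYSQLI_CLIENT_SSL : 2048;
    return ($client_flags & $ssl) !== 0
        && version_compare($version, DOWNGRADE_VERSION, '<=');
}

// Fail closed: return the negotiated cipher, or close and throw when the
// session has none (an empty Ssl_cipher means the link is unencrypted).
function require_encrypted(mysqli $db): string
{
    $res = $db->query("SHOW SESSION STATUS LIKE 'Ssl_cipher'");
    $row = $res ? $res->fetch_object() : null;
    if ($row === null || empty($row->Value)) {
        $db->close();
        throw new RuntimeException('SSL requested, but the connection is unencrypted');
    }
    return $row->Value;
}

// Constructed sample values, not captured from a real host.
$client_info  = 'mysqlnd 5.0.12-dev - 20150407';    // shape of $mysqli->client_info
$server_infos = ['5.6.28-log', '5.7.3', '5.7.11'];  // shape of $mysqli->server_info
$flags        = 2048;                               // SSL requested

foreach ($server_infos as $server_info) {
    printf(
        "server %-11s gate on client_info: %-3s gate on server_info: %s\n",
        $server_info,
        needs_cipher_check($flags, $client_info) ? 'yes' : 'no',
        needs_cipher_check($flags, $server_info) ? 'yes' : 'no'
    );
}
```

`require_encrypted()` needs a live connection and would be called right after `mysqli::real_connect()`; the loop at the bottom runs offline.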


Messages In This Thread
MySQLi and SSL connections - by mwhitney - 02-15-2016, 02:15 PM
RE: MySQLi and SSL connections - by Narf - 02-15-2016, 03:54 PM
RE: MySQLi and SSL connections - by mwhitney - 02-16-2016, 01:53 PM
RE: MySQLi and SSL connections - by Narf - 02-16-2016, 02:38 PM
RE: MySQLi and SSL connections - by mwhitney - 02-16-2016, 03:20 PM
RE: MySQLi and SSL connections - by mwhitney - 02-26-2016, 10:15 AM