Is establishing secure connection to remote databases supported if it’s required by latter? It’s usually done by having ca-certificates packages and by linking path to .crt using mysqli::ssl_set/PDO::MYSQL_ATTR_SSL_CA. Trying to connect to planetscale, their docs have some more details if needed
I don’t think we have any limitations regarding using encrypted connections to an external database host. But I’ve never tried, so I don’t know for sure.
As far as I can tell, you can just call $mysqli->ssl_set() to enable SSL encryption and it will work with the default parameters.
Have you actually tried it? If so, what happened?
4 Likes
Using PDO, tried straight up connecting - throws Uncaught PDOException: SQLSTATE[HY000] [1105] unknown error: Code: UNAVAILABLE server does not allow insecure connections, client must use SSL/TLS. No known path to set MYSQL_ATTR_SSL_CA so not sure where to go from there.
Since mysqli was brought up tried it too with simple mysqli_init/real_connect, can’t quite work with ssl_set as it just throws mysqli::ssl_set() expects exactly 5 parameters, 0 given, passing NULLs gives off exact same warning as PDO.
Linking what planetscale presents as “mysqli_ssl_set details” if that helps in any way to understand what exactly is the issue.
Interesting, I would guess the MySQL library would be able to find the default CA chain location by itself.
I’m not sure exactly where it is on our servers, but our servers run CentOS or AlmaLinux, which according to PlanetScale should have the CA path at /etc/pki/tls/certs/ca-bundle.crt. Could you please try that?
4 Likes
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.