MySQL SHA256帐户的PHP访问被拒绝
我已在MySQL 5.7.13服务器上将OpenSSL 1.0.2h编译为/usr/local/OpenSSL,代码如下:MySQL SHA256帐户的PHP访问被拒绝,php,mysql,apache,ssl,Php,Mysql,Apache,Ssl,我已在MySQL 5.7.13服务器上将OpenSSL 1.0.2h编译为/usr/local/OpenSSL,代码如下: tar xvzf openssl-1.0.2h.tar.gz -C /usr/local cd /usr/local/openssl-1.0.2h ./config --prefix=/usr/local/openssl shared make depend make make install 之后,我将MySQL配置为: cmake . -DMYSQL_DATADIR=
tar xvzf openssl-1.0.2h.tar.gz -C /usr/local
cd /usr/local/openssl-1.0.2h
./config --prefix=/usr/local/openssl shared
make depend
make
make install
之后,我将MySQL配置为:
cmake . -DMYSQL_DATADIR=/usr/local/mysql/dat -DWITH-SSL=/usr/local/openssl
当MySQL第一次启动时,它会在/dat目录中创建八个key/cert(.pem)文件:
- 上的SSL可用性(绿点)
- SHA256密码私钥:私钥.pem
- SHA256密码公钥:公钥.pem
- SSL CA:CA.pem
- SSL CA路径:n/a
- SSL证书:server-Cert.pem
- SSL CRL:不适用
- SSL CRL路径:n/a
- SSL密钥:服务器密钥.pem
[client]
ssl-ca = /usr/local/mysql/dat/ca.pem
ssl-cert = /usr/local/mysql/dat/client-cert.pem
ssl-key = /usr/local/mysql/dat/client-key.pem
[mysqld]
ssl-ca = /usr/local/mysql/dat/ca.pem
ssl-cert = /usr/local/mysql/dat/server-cert.pem
ssl-key = /usr/local/mysql/dat/server-key.pem
ssl-cipher = DHE-RSA-AES256-SHA
MySQL服务器的“状态”如下:
mysql> status
--------------
./bin/mysql Ver 14.14 Distrib 5.7.13, for Linux (x86_64) using EditLine wrapper
Connection id: 4
Current database: mysql
SSL: Cipher in use is DHE-RSA-AES256-SHA
Current page: stdout
Using outfile: ''
Using delimiter: ;
Server version: 5.7.13-debug-log Source distribution
Protocol version: 10
Connection: Localhost via UNIX socket
Server characterset: utf8
Db characterset: utf8
Client characterset: utf8
Conn. characterset: utf8
UNIX socket: /tmp/mysqld.sock
我有一个单独的客户机服务器,运行的是Apache2.4.10(配置为--with-ssl=/usr/local/openssl),PHP7.0.7(配置为--with-openssl=/usr/local/openssl),以及相同的openssl 1.0.2h(配置为---prefix=/usr/local/openssl-shared)。我的phpinfo.php文件显示已启用OpenSSL支持,并且其库/头版本确实是1.0.2h
然后,我将ca.pem、server-cert.pem和server-key.pem文件从MySQL服务器复制到Apache/PHP服务器,并创建一个目录将它们放在:/usr/local/openssl/ssl/MySQL/中
下面是我的PHP代码,它使用[user_standard]的凭据获得了“成功”,但我得到
警告:mysqli_real_connect():(HY000/1045):用户“user_sha256”的访问被拒绝(使用密码:是)
只需将$user和$pass变量切换为以[user\u sha256]身份登录即可。其他一切都是一样的
$conn = mysqli_init();
$conn->options (MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, true);
$conn->ssl_set ('/usr/local/openssl/ssl/mysql/server-key.pem', '/usr/local/openssl/ssl/mysql/server-cert.pem', '/usr/local/openssl/ssl/mysql/ca.pem', NULL, 'DHE-RSA-AES256-SHA');
$serv = 'MySQL_Server_5.7.13_Auto_Generated_Server_Certificate';
$user = 'user_standard'; // Switching to 'user_sha256' = Permission denied
$pass = 'user_standard'; // Switching to 'user_sha256' = Permission denied
$data = 'test';
$conn->real_connect ($serv, $user, $pass, $data, 3306, NULL, MYSQLI_CLIENT_SSL);
if (!$conn) {
die ('Connect error (' . mysqli_connect_errno(). '): ' . mysqli_connect_error() . "\n");
} else {
echo "Success!";
}
$conn->close();
我不理解其中的区别和/或可能需要进行不同的配置,以允许PHP连接到SHA256帐户
顺便说一下,MySQL服务器和Apache/PHP服务器都是:CentOS Linux 7.2.1511版(核心版)