SQL Connection - Certificate Password #1062

Open
StefanduPlessis opened this issue Jul 27, 2022 · 3 comments

StefanduPlessis commented Jul 27, 2022

mysqli_ssl_set does not allow the same certificates as in PHP v8.0 (being the path name to the key file, path name to the certificate file and path name to the certificate authority file). I think this is because of the base IDbConnection.

I cannot find a way to add the CertificatePassword to the connection string.
The suggested mysqli_options also does not allow the password to be set: since it checks for values in the switch, it cannot be set.

```csharp
switch (option)
{
    case Constants.MYSQLI_OPT_CONNECT_TIMEOUT: // connection timeout in seconds (supported on Windows with TCP/IP since PHP 5.3.1)
    case Constants.MYSQLI_SET_CHARSET_NAME:
    case Constants.MYSQLI_SERVER_PUBLIC_KEY: // RSA public key file used with the SHA-256 based authentication.
    case Constants.MYSQLI_OPT_SSL_VERIFY_SERVER_CERT:
    //case Constants.MYSQLI_OPT_LOCAL_INFILE enable/disable use of LOAD LOCAL INFILE
    //case Constants.MYSQLI_INIT_COMMAND command to execute after when connecting to MySQL server
    //case Constants.MYSQLI_READ_DEFAULT_FILE Read options from named option file instead of my.cnf
    //case Constants.MYSQLI_READ_DEFAULT_GROUP Read options from the named group from my.cnf or the file specified with MYSQL_READ_DEFAULT_FILE.
    //case Constants.MYSQLI_OPT_NET_CMD_BUFFER_SIZE The size of the internal command/network buffer. Only valid for mysqlnd.
    //case Constants.MYSQLI_OPT_NET_READ_BUFFER_SIZE Maximum read chunk size in bytes when reading the body of a MySQL command packet. Only valid for mysqlnd.
    //case Constants.MYSQLI_OPT_INT_AND_FLOAT_NATIVE Convert integer and float columns back to PHP numbers. Only valid for mysqlnd.
        SetOption(option, value.DeepCopy());
        return true;
    default:
        PhpException.InvalidArgument(nameof(option));
        return false;
}
```

I've tried the suggested post, but it throws an exception with the following message:

Cannot open connection: CertificateFile should be in PKCS #12 (.pfx) format and contain both a Certificate and Private Key

Will it be possible to add the functionality to set the certificate password?

@jakubmisek
Member

Thanks, yes. Is there a way to do it in regular PHP? Or is it something you can't even do in PHP now?

@StefanduPlessis
Author

I cannot find a way to use the .pfx certificate file in PHP. We used to give it .pem files, for example:

```php
mysqli_ssl_set($mysql, 'client-key.pem', 'client-cert.pem', 'server-ca.pem', null, null);
```

But this fails due to the missing key as far as I could see. It may be easier just to reimplement the Key parameter again if possible.
I got around this issue in the end by just removing the password from the certificate file.

@jakubmisek
Member

ssl_set is probably implemented incorrectly in our case.

The 3rd argument is actually expected to be .pfx (which is not what PHP does)

```csharp
case Constants.MYSQLI_CertificateFile:
    connection_string.CertificateFile = Path.Combine(ctx.WorkingDirectory, pair.value.String);
    break;
```

We have to "bind" the ssl_set to the IDbConnection's ConnectionString somehow.
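One way the binding discussed in this thread could look, as an added example that is not Peachpie's code and not part of any comment above. It assumes the underlying connection is MySqlConnector's, whose connection string accepts `SslKey`, `SslCert` and `SslCa` for PEM files and `CertificateFile` with `CertificatePassword` for PKCS #12; `SslSetMapping.Apply` and its `pfxPassword` parameter are hypothetical names.

```csharp
// Added example (not the project's code). Assumes the MySqlConnector NuGet package.
using System;
using System.IO;
using MySqlConnector;

static class SslSetMapping
{
    // Hypothetical helper: maps the key/cert/ca arguments of
    // mysqli_ssl_set($link, $key, $cert, $ca, ...) onto connection string options.
    public static MySqlConnectionStringBuilder Apply(
        MySqlConnectionStringBuilder csb, string workingDir,
        string key, string cert, string ca, string pfxPassword = null)
    {
        // Relative paths are resolved against the script's working directory,
        // as the existing CertificateFile handling does with Path.Combine.
        string Resolve(string p) =>
            string.IsNullOrEmpty(p) ? null : Path.Combine(workingDir, p);

        string certPath = Resolve(cert), keyPath = Resolve(key), caPath = Resolve(ca);
        bool isPfx = certPath != null &&
            (certPath.EndsWith(".pfx", StringComparison.OrdinalIgnoreCase) ||
             certPath.EndsWith(".p12", StringComparison.OrdinalIgnoreCase));

        if (isPfx)
        {
            // PKCS #12 bundle: certificate and private key in one file.
            // Passing the password here lets the file stay encrypted on disk.
            csb.CertificateFile = certPath;
            if (!string.IsNullOrEmpty(pfxPassword))
                csb.CertificatePassword = pfxPassword;
        }
        else
        {
            // PHP-style arguments: separate PEM certificate and PEM private key.
            if (certPath != null) csb.SslCert = certPath;
            if (keyPath != null) csb.SslKey = keyPath;
        }

        if (caPath != null)
        {
            // A supplied CA file is only useful if the server chain is checked against it.
            csb.SslCa = caPath;
            csb.SslMode = MySqlSslMode.VerifyCA;
        }
        return csb;
    }
}
```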
