@samsch
Created January 21, 2016 16:38
How to set PDO MySQL SSL Constants in Symfony

I created this because I was frustrated by having to change the integer values when the environments changed for my projects. A simple update of PHP 5.6 (I think it was PHP 5.6.16 to 5.6.17) changed the integer values, which are usually what is suggested to be used in parameters.yml or config.yml.

By using the constants, you don't have to worry about stupid stuff like that. (Since that's what they were designed for.)

    #Add extra config resource after normal files
    imports:
        - { resource: parameters.yml }
        - { resource: security.yml }
        - { resource: services.yml }
        - { resource: pdo-constants.php }
    #...
    # Doctrine Configuration
    doctrine:
        dbal:
            connections:
                default:
                    driver: "%database_driver%"
                    host: "%database_host%"
                    port: "%database_port%"
                    dbname: "%database_name%"
                    user: "%database_user%"
                    password: "%database_password%"
                    options: "%pdo_options%"

    parameters:
        #obviously, if you aren't using mysql, this is different.
        database_driver: pdo_mysql
        database_host: yourdbhost.com
        #...
        pdo_ca_file: /pathtocerts/certs/mysql-ca.pem
        #Point to your actual file of course. And if you need the other files,
        #add them in too.

    <?php
    $container->setParameter("pdo_options", [
        PDO::MYSQL_ATTR_SSL_CA => "%pdo_ca_file%",
    ]);
    //This is the whole file for my project.
    //If you need other constants, just add them to the array.
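
An added example, not part of the gist: a pre-deploy check that flags integer-keyed PDO options which no longer match the named constants on the running PHP build, which is the breakage the gist describes. The function name `auditPdoTlsOptions` and both sample arrays are assumptions constructed for illustration.

```php
<?php
// Added example (not from the gist): audit integer-keyed PDO options on this PHP build.
/**
 * @param array<int,string> $options  integer-keyed driver options as written in config
 * @param array<int,string> $intended same keys => constant name the author meant
 * @return string[] problems found; empty means the integers match this build
 */
function auditPdoTlsOptions(array $options, array $intended): array
{
    $problems = [];
    foreach ($options as $key => $path) {
        $name = $intended[$key] ?? null;
        if ($name === null) {
            $problems[] = "key $key: no constant name documented for it";
            continue;
        }
        if (!defined($name)) {
            $problems[] = "key $key: $name is not defined (is pdo_mysql loaded?)";
            continue;
        }
        $actual = constant($name);
        if ($actual !== $key) {
            $problems[] = "key $key: $name is $actual on this build, '$path' would be misapplied";
        }
        if (!is_readable($path)) {
            $problems[] = "key $key: '$path' is not readable by this user";
        }
    }
    return $problems;
}

// Constructed sample input: a hard-coded options block and what each key was meant to be.
$options = [
    1010 => '/etc/mysql/client-key.pem',
    1011 => '/etc/mysql/client-cert.pem',
    1012 => '/etc/mysql/ca-cert.pem',
];
$intended = [
    1010 => 'PDO::MYSQL_ATTR_SSL_KEY',
    1011 => 'PDO::MYSQL_ATTR_SSL_CERT',
    1012 => 'PDO::MYSQL_ATTR_SSL_CA',
];

$problems = auditPdoTlsOptions($options, $intended);
foreach ($problems as $p) {
    fwrite(STDERR, "[pdo-tls] $p\n");
}
exit($problems ? 1 : 0);
```

Run it from the CLI with the same PHP binary and extensions the application uses; a non-zero exit means the hard-coded integers should be replaced with the named constants.
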
MlleDelphine commented Jun 20, 2016

Nice trick !

I was using this in my parameters.yml :

        options:
            1010: "/etc/mysql/client-key.pem" #priv_key 1010 #PDO::MYSQL_ATTR_SSL_KEY
            1011: "/etc/mysql/client-cert.pem" #pub_cert 1011 #PDO::MYSQL_ATTR_SSL_CERT
            1012: "/etc/mysql/ca-cert.pem" #ca_cert 1012 #PDO::MYSQL_ATTR_SSL_CA

But... It threw an error :
ContextErrorException: Warning: no valid certs found cafile stream:/etc/mysql/client-key.pem'`

I tried to bypass (directly in vendor, for testing purposes) the Doctrine2 PDOExtension class by constructing my own PDO instance. And after that, I got:
Warning: PDO::__construct(): Peer certificate CN='Ellememe' did not match expected CN='192.168.2.200'

But.. I told myself that "even if I change CN during certs generation I couldn't write directly in vendor".. Thanks to your solution maybe I could reconsider the issue !
