Skip to content

Instantly share code, notes, and snippets.

@samsch samsch/README.md
Created Jan 21, 2016

Embed
What would you like to do?
How to set PDO MySQL SSL Constants in Symfony

I created this because I was frusterated by having to change the integer values when the environments changed for my projects. A simple update of PHP 5.6 (I think it was PHP 5.6.16 to 5.6.17) changed the integer values, which are usually what is suggested to be used in parameters.yml or config.yml.

By using the constants, you don't have to worry about stupid stuff like that. (Since that's what they were designed for.)

#Add extra config resource resource after normal files
imports:
- { resource: parameters.yml }
- { resource: security.yml }
- { resource: services.yml }
- { resource: pdo-constants.php }
#...
# Doctrine Configuration
doctrine:
dbal:
connections:
default:
driver: "%database_driver%"
host: "%database_host%"
port: "%database_port%"
dbname: "%database_name%"
user: "%database_user%"
password: "%database_password%"
options: "%pdo_options%"
parameters:
#obviously, if you aren't using mysql, this is different.
database_driver: pdo_mysql
database_host: https://yourdbhost.com
#...
pdo_ca_file: /pathtocerts/certs/mysql-ca.pem
#Point to your actual file of course. And if you need the other files,
#add them in too.
<?php
$container->setParameter("pdo_options", [
PDO::MYSQL_ATTR_SSL_CA => "%pdo_ca_file%",
]);
//This is the whole file for my project.
//If you need other constants, just add them to the array.
@MlleDelphine

This comment has been minimized.

Copy link

MlleDelphine commented Jun 20, 2016

Nice trick !

I was using this in my parameters.yml :

        options:
            1010: "/etc/mysql/client-key.pem" #priv_key 1010 #PDO::MYSQL_ATTR_SSL_KEY
            1011: "/etc/mysql/client-cert.pem" #pub_cert 1011 #PDO::MYSQL_ATTR_SSL_CERT
            1012: "/etc/mysql/ca-cert.pem" #ca_cert 1012 #PDO::MYSQL_ATTR_SSL_CA

But... It threw an error :
ContextErrorException: Warning: no valid certs found cafile stream:/etc/mysql/client-key.pem'`

I tried to bypass(directly in vendor for testing purpose) Doctrine2 PDOExtension class by constructing my own PDO instance. And after that, I got :
Warning: PDO::__construct(): Peer certificate CN='Ellememe' did not match expected CN='192.168.2.200'

But.. I told myself that "even if I change CN during certs generation I couldn't write directly in vendor".. Thanks to your solution maybe I could reconsider the issue !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.