-
Notifications
You must be signed in to change notification settings - Fork 67
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[TLS] Cannot connect to remote db #199
Comments
@SimonFrings @clue any ideas? I have done more debugging and logging and found this alongside the error in the initial issue post:
Original / current error, as a reminder:
Running
In short: it exists, connects, responds as expected with Finally, as mentioned above, my local SQL GUI connects with the exact same connection information and local certificate file. So it must be something with the connector or its configuration but the docs are unclear and I cannot see the issue, even after manually debugging and then GPTing for a while 😉. |
Oh and the ...
ConnectionInterface::class => function (EnvironmentInterface $environment) {
$user = $environment->getDatabaseUser();
$password = $environment->getDatabasePassword();
$host = $environment->getDatabaseHost();
$name = $environment->getDatabaseName();
$certificate = $environment->getMySqlTlsCertificatePath();
$connector = new SocketConnector([
'tls' => [
'cafile' => dirname(__DIR__).'/'.$certificate,
'verify_peer' => true,
'verify_peer_name' => true,
'allow_self_signed' => false,
],
]);
$credentials = "{$user}:{$password}@{$host}/{$name}";
$factory = new ConnectionFactory(null, $connector);
return $factory->createLazyConnection($credentials);
}
... And yes, I tried with |
Hey @jamesrweb, thanks for bringing this up 👍 This is not a configuration problem on your end, it's because we don't have built in support for secure TLS connections. There's also an open feature request for this in #49 which also depends on the open ticket in Socket reactphp/socket#89. I can't really say when this feature will come, as our highest priority is currently to prepare ReactPHP v3 for the upcoming ReactPHP birthday. If you need this more urgently you can also reach out to us. Let's use #49 for further discussion about this topic, so I'll close this ticket here. |
Okay but @SimonFrings, the docs clearly say:
And so this must be possible or it's a lie, which I don't believe it to be, but checking the docs here and for the connector, etc, it is unclear how to achieve this. If it is in the docs, it must be possible and so again, I ask, are the docs correct or not? If not, they should really be updated and corrected because I wasted quite a bit of time on this... I ended up migrating to pure PDO and thus, lost all the benefits of the async implementation. Also, the docs for framework-x itself recommend this project (in the book example) and so I assume other users have hit the same issue, even if they haven't raised it, for this reason and perhaps that has also reduced adoption accordingly or caused others to go this route like I was forced to instead. |
@jamesrweb Very much understand your frustration and would love to see built-in TLS support as well, but as @SimonFrings suggested above, this projects currently only offers limited TLS support and the full implementation depends on #49 at the moment. While the documentation may be technically right (the best kind of right), I agree it can be seen as misleading. For what it's worth, we use the same documentation snippet across our components and TLS parameters may indeed be set here as well, but they simply won't have an effect at the moment. PRs to improve this welcome, I guess. If you need TLS support for a commercial projects, please reach out and I'm happy to work something out to make sure we can ship this in this project as soon as possible. In the meantime, you may use either unencrypted connections (depending on your provider and connection setup), potentially use an SSH tunnel instead (e.g. https://github.com/clue/reactphp-ssh-proxy#database-tunnel), or you may use a TLS proxy (e.g. https://proxysql.com/documentation/SSL-Support/) to work around this limitation. As @SimonFrings suggested, let's continue this discussion in #49. Thank you for your support! |
As the title states, I have a Linode MySQL cluster and need to connect to it via TLS, it's a mandatory requirement. I have passed the certificate path and tried verifying peers, using
local_cert
and more but it still won't connect. I use clue/framework-x and inside my DI container, I instantiate the connection like so:The information is all correct and I can see the
$credentials
contains all necessary values. This is my current version but as I said, I have tried withverify_peer
,verify_peer_name
,local_cert
, etc but still it cannot connect.Using my local MySQL GUI, the connection with the exact same connection details and certificate is fine and so it must be something to do with the connector as far as I can understand it and the error thrown is:
Anyway, if someone can point me to the right direction I would appreciate it because I have my
.crt
file and just need to connect to the database but the documentation for this and TLS isn't very clear and I have tried everything I can think of now, so any help would be great 🤷🏻.The text was updated successfully, but these errors were encountered: