You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
Zoneminder's PHP code is unable to connect to a MySQL sever over SSL with a self-signed CA database server certificate, producing the error "SQLSTATE[HY000] [2002] Cannot connect to MySQL using SSL".
To Reproduce
Steps to reproduce the behavior:
Configure Zoneminder's ZM_DB_SSL_CA_CERT, ZM_DB_SSL_CLIENT_KEY, & ZM_DB_SSL_CLIENT_CERT parameters, pointing them at the self-signed CA certificate, and client certificate and key files.
Start Zoneminder's PHP-FPM server.
Load Zoneminder in the browser.
Confirm the error stated above.
Expected behavior
Zoneminder should be able to connect to a database server with a self-signed CA certificate.
The problem is rather trivial to solve by editing the includes/database.php file and inserting the PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false PDO configuration option right below the PDO::MYSQL_ATTR_SSL_CERT option on line 57. Using that, Zoneminder can easily connect to the database server and the error goes away. So, perhaps the server CA certificate verification setting could be abstracted away behind a new ZM_DB_SSL_VERIFY_SERVER_CERT parameter, or something similar?
Please let me know if you'd like a merge request for something like this.
Than you!
The text was updated successfully, but these errors were encountered:
I've submitted PR 3817 to take care of this issue. Please keep in mind that I'm far from familiar with the ZoneMinder source, so I took my best shot at covering what sifting through the code suggested was all the necessary bases.
Please let me know if I missed anything, thank you!
Describe Your Environment
Describe the bug
Zoneminder's PHP code is unable to connect to a MySQL sever over SSL with a self-signed CA database server certificate, producing the error "SQLSTATE[HY000] [2002] Cannot connect to MySQL using SSL".
To Reproduce
Steps to reproduce the behavior:
ZM_DB_SSL_CA_CERT
,ZM_DB_SSL_CLIENT_KEY
, &ZM_DB_SSL_CLIENT_CERT
parameters, pointing them at the self-signed CA certificate, and client certificate and key files.Expected behavior
Zoneminder should be able to connect to a database server with a self-signed CA certificate.
The problem is rather trivial to solve by editing the
includes/database.php
file and inserting thePDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false
PDO configuration option right below thePDO::MYSQL_ATTR_SSL_CERT
option on line 57. Using that, Zoneminder can easily connect to the database server and the error goes away. So, perhaps the server CA certificate verification setting could be abstracted away behind a newZM_DB_SSL_VERIFY_SERVER_CERT
parameter, or something similar?Please let me know if you'd like a merge request for something like this.
Than you!
The text was updated successfully, but these errors were encountered: