I've setup mysqlnd_ms to use read/write splitting but when I require SSL (using REQUIRE ISSUER to check signer of client cert) the connection is rejected. It seems that the driver options array that contains the PDO::MYSQL_ATTR_SSL_*
paths to the certificate and key files is being ignored with the host matches a mysqlnd_ms config
. If I connect with a direct address:port
instead of matching with the mysqlnd_ms config
it works fine.
The error message does include the right username which is not in the mysqlnd_ms config so at least that is working when making a new PDO object.
I'm using PHP 5.5.25, mysqlnd 5.0.11, mysqlnd_ms 1.5.2, Percona XtraDB Cluster 5.6.21.
My config file:
{
"10.2.90.27": {
"master": {
"master_0": {
"host": "10.2.90.27",
"port": "33455"
}
},
"slave": {
"slave_0": {
"host": "10.2.90.27",
"port": "33406"
}
}
}
}
Yes, the IP is the same for master and slave. It's a VIP shared by two load balancers (HAProxy) and the port number determines which nodes the connection goes to. HAProxy is providing failover because it has the capability to do health checks.
How can I get mysqlnd_ms
and PDO_MYSQL using client SSL certificates to work with each other?