
[Bug]: ProxySQL Error: Access denied for user 'XXX' (using password: YES). SSL is required

Open MrMooky opened this issue 1 year ago • 4 comments

Platform

macOS

Operating system version

Sonoma 14.4.1

System architecture

ARM64 (M1, M2, etc)

Herd Version

1.6.0

PHP Version

PHP 8.2

Bug description

I'm not quite sure if this is a bug, sorry if it isn't and it's just me being stupid. Essentially, I want to connect to an external database from a local installation. When using the correct credentials, I'm getting this error:

SQLSTATE[HY000] [1045] ProxySQL Error: Access denied for user 'ABC' (using password: YES). SSL is required

This is the connection I'm using:

'mysqlMittwald' => [
    'driver' => 'mysql',
    'host' => env('MW_DB_HOST'),
    'port' => env('MW_DB_PORT', '3306'),
    'database' => env('MW_DB_DATABASE'),
    'username' => env('MW_DB_USERNAME'),
    'password' => env('MW_DB_PASSWORD', ''),
    'strict' => true,
    'engine' => null,
    'charset' => 'utf8mb4',
    'collation' => 'utf8mb4_unicode_ci',
],

I never used it before, but I think I may need to add the following in order for it to work:

'options' => [
    PDO::MYSQL_ATTR_SSL_KEY => 'path/to/ssl/client-key.pem',
    PDO::MYSQL_ATTR_SSL_CERT => 'path/to/ssl/client-cert.pem',
    PDO::MYSQL_ATTR_SSL_CA => 'path/to/ssl/ca-cert.pem',
]

But I don't know where those are located. There is a cacert.pem in Library/Application Support/Herd/config/php which may be needed for MYSQL_ATTR_SSL_CA, but I don't think that's the right file and it kind of feels odd to use a path like that inside my app.

Steps to reproduce

No response

Relevant log output

No response

MrMooky, Apr 22 '24 14:04

I just want to double-check if this is still an existing problem, as it looks like we've missed this issue for a while and not given you any hints.

Are you sure that your .env vars are correct?

sschlein, May 08 '24 08:05

Yes, they are correct. I can connect via my SQL client.

MrMooky, May 08 '24 08:05

I just tried to reproduce this by creating a fresh DigitalOcean database cluster, which also requires SSL.

And I was able to connect to it without any special configuration - so this error seems to be specific to Mittwald's database hosting. Newer versions of Laravel have this setup as their options config array:

'options' => extension_loaded('pdo_mysql') ? array_filter([
    PDO::MYSQL_ATTR_SSL_CA => env('MYSQL_ATTR_SSL_CA'),
]) : [],

Maybe this works for you? This way you could specify the path to the SSL_CA if needed in your .env file.

mpociot, May 08 '24 10:05
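Added example, not part of the thread and not Herd or Laravel code: a standalone PDO check for the options discussed above. `PDO::MYSQL_ATTR_SSL_CA` takes the path to the CA bundle that signed the database server's certificate, while the key and cert options only matter when the server demands a client certificate. The `MW_DB_*` and `MYSQL_ATTR_SSL_CA` variable names are taken from the thread; the function names are hypothetical.

```php
<?php
// Added example: open a PDO MySQL connection that verifies the server
// certificate, and refuse to continue if the session is not encrypted.
// Function names are hypothetical; env names follow the thread.

function tlsOptions(?string $caPath): array
{
    // Fail closed: a missing CA path must not silently fall back to an
    // unverified or plaintext connection.
    if ($caPath === null || !is_readable($caPath)) {
        throw new RuntimeException('CA bundle missing or unreadable: ' . var_export($caPath, true));
    }

    return [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::MYSQL_ATTR_SSL_CA => $caPath,
        // Check the server certificate chain and host name against the CA.
        PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => true,
    ];
}

function connectVerified(): PDO
{
    $dsn = sprintf(
        'mysql:host=%s;port=%s;dbname=%s;charset=utf8mb4',
        getenv('MW_DB_HOST'),
        getenv('MW_DB_PORT') ?: '3306',
        getenv('MW_DB_DATABASE')
    );

    $pdo = new PDO(
        $dsn,
        getenv('MW_DB_USERNAME'),
        getenv('MW_DB_PASSWORD') ?: '',
        tlsOptions(getenv('MYSQL_ATTR_SSL_CA') ?: null)
    );

    // An empty Ssl_cipher value means the session is not using TLS.
    $row = $pdo->query("SHOW SESSION STATUS LIKE 'Ssl_cipher'")->fetch(PDO::FETCH_ASSOC);
    if (empty($row['Value'])) {
        throw new RuntimeException('Connected, but the session reports no TLS cipher');
    }

    return $pdo;
}
```

`Ssl_cipher` is reported by whichever server answers the status query, so when a proxy sits in front of the database, confirm with the provider which hop that value describes.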

@mpociot I never had to use this, so what would I enter for the MYSQL_ATTR_SSL_CA variable? That was my initial question:

> But I don't know where those are located. There is a cacert.pem in Library/Application Support/Herd/config/php which may be needed for MYSQL_ATTR_SSL_CA, but I don't think that's the right file and it kind of feels odd to use a path like that inside my app.

To my understanding, I need to supply a local certificate which Herd / Valet provides? 🤔

MrMooky, May 14 '24 11:05

@MrMooky were you able to resolve this? 🤔 I don't really know where/why you would need to manually provide this env variable value

mpociot, Aug 09 '24 09:08

> @MrMooky were you able to resolve this? 🤔 I don't really know where/why you would need to manually provide this env variable value

No, it's not working as expected but the issue is not related to Herd directly. I'm going to close this.

MrMooky, Aug 09 '24 10:08