Skip to content

PdoSessionHandler with SQL Server and ODBC Driver 18 does not support option for TrustServerCertificate=yes #57743

New issue
New issue
Open
Open
PdoSessionHandler with SQL Server and ODBC Driver 18 does not support option for TrustServerCertificate=yes#57743
Labels
BugHttpFoundationStatus: Needs Review
@pauljura

Description

@pauljura
pauljura
opened on Jul 17, 2024

Symfony version(s) affected

7.1.2

Description

My application is connecting to a SQL Server database and also using it for session storage. I was using ODBC Driver 17 but recently upgraded to 18, which now defaults to enabling encryption.

Without any changes, I get the following error:

SQLSTATE[08001]: [Microsoft][ODBC Driver 18 for SQL Server]SSL Provider: [error:0A000086:SSL routines::certificate verify failed:unable to get local issuer certificate]

For Doctrine, I can make it work by adding a new option TrustServerCertificate to my doctrine.yaml file:

connections:
    default:
        url: '%env(resolve:DATABASE_URL)%'
        options:
            TrustServerCertificate: yes

But I still get the error when Symfony tries to connect to the database for the session.

I've tried everything I could think of to pass the TrustServerCertificate option to PdoSessionHandler but nothing seems to work. Here's the relevant portion of my services.yaml file:

 Symfony\Component\HttpFoundation\Session\Storage\Handler\PdoSessionHandler:
     arguments:
         - '%env(DATABASE_URL)%'
         - { db_table: 'Session', db_id_col: 'ID', db_data_col: 'Data', db_time_col: 'Time', db_lifetime_col: 'ExpiresAt', lock_mode: 0, db_connection_options: { TrustServerCertificate: 'yes' } }

I've tried TrustServerCertificate: 'yes', TrustServerCertificate: 1, TrustServerCertificate: true. I've added ?TrustServerCertificate=yes (as well as 1 and true) to my database URL. Nothing I tried has worked.

Either I'm missing something or the extra options aren't taking any effect.

How to reproduce

Connect to a SQL Server database for sessions using the ODBC Driver 18

Possible Solution

The only way I've gotten the session connection to work was to manually edit the code in PdoSessionHandler, in the buildDsnFromUrl method, I add $dsn .= ';TrustServerCertificate=yes'; right before it returns $dsn.

If you look at how Doctrine does it in vendor/doctrine/dbal/src/Driver/PDO/SQLSrv/Driver.php, all the extra options are appended to the DSN. So probably PdoSessionHandler could do something similar, e.g. if I have ?TrustServerCertificate=yes&Foo=bar in my database URL then it could add ;TrustServerCertificate=yes;Foo=bar to the DSN.

Additional Context

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    BugHttpFoundationStatus: Needs Review

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
      pFad - Phonifier reborn

      Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

      Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


      Alternative Proxies:

      Alternative Proxy

      pFad Proxy

      pFad v3 Proxy

      pFad v4 Proxy