Hi,
I am trying to test install OJS 3.5.0.3 on Azure App Service (Linux, PHP) using Azure Database for MySQL, and I keep hitting a blocker during installation that appears to be related to SSL/TLS handling in mysqli.
Environment
- OJS: 3.5.0.3
- PHP: 8.x (App Service default)
- Database: Azure Database for MySQL
- MySQL setting:
require_secure_transport = ON(default / recommended on Azure)
The problem
During test installation (php tools/install.php), the process fails at JournalsMigration with the following message:
“SQLSTATE[HY000] [3159] Connections using insecure transport are prohibited while --require_secure_transport=ON”
This happens consistently when OJS attempts to create tables.
What I have already verified:
- MySQL firewall rules are correct (App Service outbound IPs allowed).
- Database credentials are correct (username format user@servername).
- SSL CA certificate is present and readable
config.inc.phpcontains ssl_ca = /../site/certs/DigiCertGlobalRootG2.crt.pem- I can connect successfully using: mysql -h server.mysql.database.azure.com -u user@server -p --ssl
- A standalone PHP test script using
mysqli_ssl_set()and
MYSQLI_CLIENT_SSLconnects successfully and confirmsSsl_cipheris in use.
Observation
From debugging, it appears that OJS does not pass MYSQLI_CLIENT_SSL when calling mysqli_real_connect(), so even with ssl_ca set, Azure MySQL still considers the connection “insecure” and rejects it.
I think a manual patch to the DB connection code (forcing MYSQLI_CLIENT_SSL) can resolve the issue, but this is obviously not ideal for a standard installation.
My question is if any anyone has found a clean, supported way to install OJS (version 3.5 >) on Azure MySQL with enforced TLS without patching core files?
Thanks in advance.
–Obi