I'm familiar with the public/private key negotiation implemented in HTTPS, which is why I'm confused by the following driver options for PDO's MySQL driver, apparently available (though not officially documented):
PDO::MYSQL_ATTR_SSL_KEY
PDO::MYSQL_ATTR_SSL_CERT
PDO::MYSQL_ATTR_SSL_CA
The link suggests they point to locally stored files – but why would a copy of anything other than the CA certificate be stored on the client? Has anyone successfully established an encrypted connection using this approach?
Best answer: This has to do with the client certificate that the client must have in order to be able to connect to the server, i.e. the client must prove its identity (yes, SSL also works the other way around). First read the general section
Using SSL for Secure Connections, then look at the REQUIRE clause in the
GRANT
syntax:
REQUIRE X509
means that the client must have a valid certificate but that the exact certificate, issuer, and subject do not matter. The only requirement is that it should be possible to verify its signature with one of the CA certificates.
REQUIRE ISSUER 'issuer'
places the restriction on connection attempts that the client must present a valid X509 certificate issued by CA ‘issuer’. If the client presents a certificate that is valid but has a different issuer, the server rejects the connection. Use of X509 certificates always implies encryption, so the SSL option is unnecessary in this case.…
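As an added example (not part of the question or the answer above), here is what the two halves of that setup look like from the PHP side: the key/cert pair is the client's own identity (what a server account created with REQUIRE X509 or REQUIRE ISSUER checks), while the CA file is only used to verify the server's certificate. File paths, host, database and account names are assumptions. Note that on MySQL 5.7 and later the REQUIRE clause is given on CREATE USER / ALTER USER; GRANT ... REQUIRE was deprecated in 5.7 and removed in 8.0. PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT exists since PHP 7.0.18 / 7.1.4; without it the client accepts any server certificate, so a session can be "encrypted" to the wrong peer.

```php
<?php
// Added example (not from the original post): a PDO MySQL connection that
// presents a client certificate, verifies the server's certificate against
// a CA bundle, and then confirms the session is actually TLS-encrypted.
//
// Assumed server-side setup (run as an admin; MySQL 5.7+/8.0 syntax):
//   CREATE USER 'app'@'%' IDENTIFIED BY '...' REQUIRE X509;
//   -- or, to pin the issuing CA:  REQUIRE ISSUER '/CN=Internal DB CA'
// Older servers used GRANT ... REQUIRE X509 instead.

function connectWithClientCert(string $host, string $db, string $user, string $pass): PDO
{
    $dsn = "mysql:host={$host};dbname={$db};charset=utf8mb4";
    $options = [
        // Client private key + certificate: this is the client's identity,
        // which is why they must live on the client (keep the key 0600).
        PDO::MYSQL_ATTR_SSL_KEY  => '/etc/app/tls/client-key.pem',   // assumed path
        PDO::MYSQL_ATTR_SSL_CERT => '/etc/app/tls/client-cert.pem',  // assumed path
        // CA bundle used to verify the *server's* certificate.
        PDO::MYSQL_ATTR_SSL_CA   => '/etc/app/tls/ca.pem',           // assumed path
        // Reject servers whose certificate does not chain to that CA.
        PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => true,
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ];
    return new PDO($dsn, $user, $pass, $options);
}

// Returns the negotiated cipher, or throws if the session is plaintext.
// Ssl_cipher is empty on an unencrypted connection.
function assertEncrypted(PDO $pdo): string
{
    $row = $pdo->query("SHOW SESSION STATUS LIKE 'Ssl_cipher'")
               ->fetch(PDO::FETCH_ASSOC);
    $cipher = $row['Value'] ?? '';
    if ($cipher === '') {
        throw new RuntimeException('Connection is not TLS-encrypted');
    }
    return $cipher;
}

$pdo = connectWithClientCert(
    'db.internal.example',          // assumed host
    'appdb',                        // assumed database
    'app',                          // assumed account created with REQUIRE X509
    getenv('DB_PASS') ?: ''
);
echo 'TLS cipher: ' . assertEncrypted($pdo) . PHP_EOL;
```

A quick server-side cross-check is `SHOW GRANTS FOR 'app'@'%'` (or `SELECT ssl_type, x509_issuer FROM mysql.user WHERE user='app'`): if the account is not marked X509/ISSUER, a client that omits the key and cert will still be able to log in over plaintext, and the options above are merely optional rather than enforced.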