I am using the most recent PHP 5.3.6 on a Windows box. I configured a remote MySQL server to accept only SSL connections. Connecting works fine with the MySQL command line client:
mysql.exe -u user -h mysql.example.com -P 3307 --ssl-ca=C:\www\mysql.example.com.crt -p
However, I cannot connect through PHP. According to the PHP documentation, this is due to PHP 5.3 using the newer MySQL Native Driver (mysqlnd) by default. This driver does not support SSL.
I can't believe that they allowed such a regression to slip through (SSL being one of the few reasons why someone would use the mysqli rather than the mysql extension) without offering an easy way to revert back to the old libmysql driver which does support SSL.
On php.net, there is no indication about how to do this. Also, recompiling is not an option. My question thus is: how can this be done easily?
On php.net, there is no indication about how to do this. Also, recompiling is not an option.
In order to create the mysql, mysqli and PDO extensions, PHP must be compiled against a MySQL interface library. You can't simply swap out that underlying library. In order to use another library, like the one provided by MySQL, you have to recompile PHP against it.
The reason for the switch to the native library is that the MySQL-provided library is released under the GPL. The PHP license is not compatible with the GPL, so distributing PHP binaries compiled against GPL code is pretty high up on the Thou Shalt Not list. You can thank and/or curse the MySQL folks for this bit of utter stupidity. Only idiots and evil people release library code under the GPL.
</rant>
If you can't recompile, you're probably out of luck. Keep in mind that Microsoft offers VC9 (Visual Studio 2008) at no cost, so you should be able to perform the recompile, if needed.
You might want to explore other options for a secure connection to your MySQL server.
If the remote machine is Linux or otherwise Unix-based, then using an SSH tunnel (port forwarding) may work for you. There are numerous SSH clients for Windows that can do this.
You should also consider OpenVPN, a VPN solution built on top of SSL/TLS. You can use this to establish a secure connection between the two machines without needing to worry about protocol-level security.