Hi,
I had a problem with a secure connection to the SQL server.
I use the mysqli extension and I configured server['ssl'] = true. I have a user
'szabolcs' in SQL who needs SSL.
First I received 'mysqli_real_connect(): (HY000/1045): Access denied for
user 'szabolcs'@'localhost' (using password: YES)'.
That was because PMA doesn't use MYSQLI_CLIENT_SSL. I should add it to
$client_flags.
After this I got the following error: 'mysqli_query(): SSL operation failed
with code 1. OpenSSL Error messages: error:0607A082:digital envelope
routines:EVP_CIPHER_CTX_set_key_length:invalid key length
error:0607A082:digital envelope
routines:EVP_CIPHER_CTX_set_key_length:invalid key length'.
PMA uses openssl functions to encrypt values in the cookie if the openssl
functions exist; otherwise PMA uses Crypt\AES. With Crypt\AES PMA works
fine.
I don't know the exact source of this problem. I think openssl functions
have a bug.
Because the mysqli connection with SSL is successful. After connection, in
common.inc.php, $auth_plugin->storeUserCredentials() is called. This
function stores the username and password and other parameters into a cookie.
To encrypt:
openssl_encrypt(
$data,
'AES-128-CBC',
$secret,
0,
$this->_cookie_iv
);
I think the problem is that openssl_encrypt changes the cipher to
AES-128-CBC globally. It means the cipher of the mysqli connection is also
modified. This is why mysqli_query failed after encryption.
Here is my solution:
diff -ruN original/libraries/dbi/DBIMysqli.php
working/libraries/dbi/DBIMysqli.php
--- original/libraries/dbi/DBIMysqli.php 2016-05-25
19:07:44.000000000 +0200
+++ working/libraries/dbi/DBIMysqli.php 2016-05-26 15:55:49.000000000 +0200
@@ -152,6 +152,7 @@
/* Optionally enable SSL */
if ($cfg['Server']['ssl']) {
+ $client_flags |= MYSQLI_CLIENT_SSL;
mysqli_ssl_set(
$link,
$cfg['Server']['ssl_key'],
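Review bot: in the SSL block, `$client_flags |= MYSQLI_CLIENT_SSL;` depends on $client_flags being initialised before this point and passed to the connect call afterwards, and neither is visible in this hunk; please confirm both. The existing comment only says "Optionally enable SSL", so add a line explaining that the flag is needed for accounts that require SSL, which is the failure this change addresses.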
diff -ruN original/libraries/plugins/auth/AuthenticationCookie.php
working/libraries/plugins/auth/AuthenticationCookie.php
--- original/libraries/plugins/auth/AuthenticationCookie.php 2016-05-25
19:07:44.000000000 +0200
+++ working/libraries/plugins/auth/AuthenticationCookie.php 2016-05-26
15:56:27.000000000 +0200
@@ -661,6 +661,7 @@
*/
public static function useOpenSSL()
{
+ return false;
return (
function_exists('openssl_encrypt')
&& function_exists('openssl_decrypt')
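Review bot: the unconditional `return false;` at the top of useOpenSSL() leaves the existing `return ( function_exists('openssl_encrypt') ...` expression unreachable and switches the OpenSSL path off for every installation, not only for servers configured with SSL. That is acceptable as a local workaround, but for merging it should either be made conditional or the dead expression should be removed with a comment giving the reason, and the "invalid key length" error itself still needs to be tracked down rather than bypassed.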
diff -ruN original/RELEASE-DATE-4.6.1 working/RELEASE-DATE-4.6.1
--- original/RELEASE-DATE-4.6.1 1970-01-01 01:00:00.000000000 +0100
+++ working/RELEASE-DATE-4.6.1 2016-05-02 17:24:00.000000000 +0200
@@ -0,0 +1 @@
+Mon May 2 21:23:35 UTC 2016
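Review bot: RELEASE-DATE-4.6.1 is created here with a single timestamp line and is unrelated to the two code changes; it looks like a release artifact picked up by diff -ruN and should be left out of the patch.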
Regards,
Szabolcs
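One way to test the hypothesis in the message above, as an added example that is not phpMyAdmin's code: call openssl_encrypt() with a secret as given and with one cut to AES-128's 16-byte key size, and list what each call leaves in OpenSSL's error queue. The function names, the constants and the sample secret and data are hypothetical.

```php
<?php
// Added example, not phpMyAdmin code; all names and sample values are hypothetical.
const COOKIE_CIPHER = 'AES-128-CBC';
const COOKIE_KEY_BYTES = 16; // AES-128 takes a 16-byte key

// Empty OpenSSL's error queue and return the messages that were in it.
function drain_openssl_errors()
{
    $errors = array();
    while (($msg = openssl_error_string()) !== false) {
        $errors[] = $msg;
    }
    return $errors;
}

// Encrypt once and report what that single call left in the error queue.
function probe_encrypt($data, $secret, $iv)
{
    drain_openssl_errors(); // discard anything queued by earlier calls
    $ciphertext = openssl_encrypt($data, COOKIE_CIPHER, $secret, 0, $iv);
    return array(
        'key_bytes' => strlen($secret),
        'ok'        => $ciphertext !== false,
        'queued'    => drain_openssl_errors(),
    );
}

// Cut an arbitrary-length secret down to exactly the cipher's key size.
function fit_key($secret)
{
    return substr(hash('sha256', $secret, true), 0, COOKIE_KEY_BYTES);
}

$iv     = openssl_random_pseudo_bytes(openssl_cipher_iv_length(COOKIE_CIPHER));
$secret = 'constructed-sample-secret-longer-than-16-bytes'; // constructed value
$data   = json_encode(array('user' => 'szabolcs'));         // constructed value

$cases = array('as given' => $secret, 'fitted' => fit_key($secret));
foreach ($cases as $label => $key) {
    $r = probe_encrypt($data, $key, $iv);
    printf("%-8s key=%2d bytes  ok=%s  queued errors=%d\n",
        $label, $r['key_bytes'], $r['ok'] ? 'yes' : 'no', count($r['queued']));
    foreach ($r['queued'] as $line) {
        echo "    $line\n";
    }
}
```

Run it under the same PHP build as the web server; any entry listed for a case was put into the queue by that one openssl_encrypt() call.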
Hi, a user on Stackoverflow is reporting that their Import and Export
links don't show the main page; he/she sees the navigation pane, menu
bar, and console but no content in the main pane. Any thoughts about
what could cause that behavior? Report and screenshot at
http://stackoverflow.com/q/36877554/2385479
You may have already noticed, but a few weeks ago GitHub rolled out a
new feature where you can select what type of merge to perform when
merging a pull request. It appears you can now squash and rebase commits
by clicking the confirmation dropdown, rather than performing an actual
merge commit. This seems like a helpful feature.
Isaac
Currently, the release instructions prompt me to create a MAINT branch
for each release. That way, if we have a security fix for 4.6.2 we can
go to MAINT_4_6_2 and perform the work there. I think this is overkill
-- for instance, we haven't done a patch-level security release on 4.6.0
or 4.6.1.
If we need to do a security release, we can create the MAINT branch later:
git checkout RELEASE_4_6_2
git checkout -b MAINT_4_6_2
I'm proposing that we stop creating MAINT branches for each release.
This isn't something I feel particularly strongly about, so I could be
convinced to withdraw my proposal, but I don't see much value in
maintaining MAINT branches we aren't using.
A side-effect of this is that currently, the demo server has STABLE,
QA_4_6, and MAINT_4_6_2 [1]; QA_4_6 will change until our next release
and STABLE and MAINT_4_6_2 will remain the same unless we need to
release a 4.6.2.1, in which case both would be updated. For the demo
server, I may be missing a scenario but don't see how the current MAINT
and STABLE would differ, meaning we can remove MAINT from there as well.
1 - technically, the demo server currently has MAINT_4_6_1, but based on
response to this thread I'll update it soon.
Hello there,
I constructed a minimum example:
Create a table (I called mine "Stuff") - first column, integer,
unsigned, primary key.
Second column, integer, unsigned, unique index.
Create.
The icon shown is a slightly less saturated primary index icon, NOT the
unique one (which has a red U).
Alec