Hi Szabolcs,
Thanks for your report!
Best wishes,
Isaac
On 6/9/16 8:19 AM, Kordován Szabolcs wrote:
Hello,
I tested this dev version and it works fine.
Thanks.
Regards,
Szabolcs
2016-06-09 5:15 GMT+02:00 Isaac Bennetch <bennetch(a)gmail.com>:
Hello Kordován Szabolcs,
As noted in the issue tracker at
https://github.com/phpmyadmin/phpmyadmin/issues/12293 Michal has made
some improvements here.
Would you be able to test these changes and report back if it helps the
situation? If you don't use the git version, you can download an updated
snapshot from
https://github.com/phpmyadmin/phpmyadmin/archive/master.zip
Thanks
Isaac
On 6/4/16 4:45 PM, Isaac Bennetch wrote:
I think it's easier to track this in the issue tracker than on the
mailing list, so we can track progress as a team. I've opened an issue
at https://github.com/phpmyadmin/phpmyadmin/issues/12293
On 6/3/16 2:50 AM, Kordován Szabolcs wrote:
> Hi,
>
> Sorry for delay.
> I forgot the versions:
> Database server
>
> Server: fone2 (127.0.0.1 via TCP/IP)
> Server type: MySQL
> Server version: 5.7.12-0ubuntu1 - (Ubuntu)
> Protocol version: 10
> User: szabolcs@localhost
> Server charset: UTF-8 Unicode (utf8)
> Web server
>
> Apache/2.4.18 (Ubuntu)
> Database client version: libmysql - mysqlnd 5.0.12-dev - 20150407 - $Id: f59eb767fe17a6679589b5c076d9fa88d3d4eac0 $
> PHP extension: mysqli curl mbstring
> PHP version: 7.0.4-7ubuntu2.1
>
> openssl
>
> OpenSSL support: enabled
> OpenSSL Library Version: OpenSSL 1.0.2g-fips 1 Mar 2016
> OpenSSL Header Version: OpenSSL 1.0.2g-fips 1 Mar 2016
> Openssl default config: /usr/lib/ssl/openssl.cnf
>
>
> If you have to authenticate with certification you use mysqli_ssl_set().
> In this case you need private key and certification. But if you want
> only a secure communication (like https) you don't need these. Only need
> mysqli_client_ssl flag to use ssl.
> From mysql log:
> 2016-06-03T06:02:02.098148Z 11604 Connect szabolcs(a)xxx.xxx.xxx.xxx on using SSL/TLS
>
> Regards,
> Szabolcs
>
> Date: Thu, 2 Jun 2016 09:16:40 -0400
> From: Isaac Bennetch <bennetch(a)gmail.com>
> To: Developer discussion for phpMyAdmin <developers(a)phpmyadmin.net>
> Subject: Re: [phpMyAdmin Developers] Connect with SSL
> Message-ID: <dc965fae-89cf-26a0-d22a-c3b7fab3f561(a)gmail.com>
> Content-Type: text/plain; charset=utf-8
>
> Hi, thanks for your report and detailed research. Please see below...
>
> On 6/2/16 8:24 AM, Kordován Szabolcs wrote:
> > Hi,
> >
> > I had a problem with secure connection to sql server.
> > I use mysqli extension, I configured server['ssl'] = true. I have a user
> > 'szabolcs' in sql who needs ssl.
> > First I received 'mysqli_real_connect(): (HY000/1045): Access denied for
> > user 'szabolcs'@'localhost' (using password: YES)'.
> > That was why PMA doesn't use MYSQLI_CLIENT_SSL. I should add it to
> > $client_flags.
>
> As far as I'm aware, PHP doesn't need MYSQLI_CLIENT_SSL when calling
> mysql_ssl_set() before mysqli_real_connect(). The current documentation
> doesn't reference this scenario at all, but previous versions did state
> that MYSQLI_CLIENT_SSL was not required here (see, for example, [1]).
>
> > After this I got the following error: 'mysqli_query(): SSL operation
> > failed with code 1. OpenSSL Error messages: error:0607A082:digital
> > envelope routines:EVP_CIPHER_CTX_set_key_length:invalid key length
> > error:0607A082:digital envelope
> > routines:EVP_CIPHER_CTX_set_key_length:invalid key length'.
> >
> > PMA uses openssl functions to encrypt values in cookie if openssl
> > functions exist, other case PMA uses Crypt\AES. With Crypt\AES PMA works
> > fine.
> > I don't know the exact source of this problem. I think openssl functions
> > have a bug.
>
> There was some incompatibility between MySQL and OpenSSL (see [2]),
> however the error reported was a bit different.
>
> > Because the mysqli connection with ssl is successful, after connection
> > in common.inc.php $auth_plugin->storeUserCredentials() is called. This
> > function stores the username and password and other parameters into
> > a cookie. To encrypt:
> > openssl_encrypt(
> > $data,
> > 'AES-128-CBC',
> > $secret,
> > 0,
> > $this->_cookie_iv
> > );
> > I think the problem is that openssl_encrypt changes the cipher to
> > AES-128-CBC globally. It means the cipher of mysqli connection is also
> > modified. This is why mysqli_query failed after encryption.
>
> Interesting.
>
> > Here is my solution:
> >
> > diff -ruN original/libraries/dbi/DBIMysqli.php
> > working/libraries/dbi/DBIMysqli.php
> > --- original/libraries/dbi/DBIMysqli.php 2016-05-25
> > 19:07:44.000000000 +0200
> > +++ working/libraries/dbi/DBIMysqli.php 2016-05-26
> 15:55:49.000000000 +0200
> > @@ -152,6 +152,7 @@
> >
> > /* Optionally enable SSL */
> > if ($cfg['Server']['ssl']) {
> > + $client_flags |= MYSQLI_CLIENT_SSL;
> > mysqli_ssl_set(
> > $link,
> > $cfg['Server']['ssl_key'],
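Review bot: The added `$client_flags |= MYSQLI_CLIENT_SSL;` line carries no comment saying why the flag is needed in addition to mysqli_ssl_set(), which is the very point disputed in this thread; add a one-line comment. The surrounding context still calls mysqli_ssl_set() whenever $cfg['Server']['ssl'] is true, passing $cfg['Server']['ssl_key'] even when it is unset, so consider calling it only when key, certificate or CA values are configured and relying on the flag alone otherwise. Nothing in the visible lines checks afterwards that the connection actually negotiated TLS.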
> > diff -ruN
original/libraries/plugins/auth/AuthenticationCookie.php
> >
working/libraries/plugins/auth/AuthenticationCookie.php
> > --- original/libraries/plugins/auth/AuthenticationCookie.php
> > 2016-05-25 19:07:44.000000000 +0200
> > +++ working/libraries/plugins/auth/AuthenticationCookie.php
> > 2016-05-26 15:56:27.000000000 +0200
> > @@ -661,6 +661,7 @@
> > */
> > public static function useOpenSSL()
> > {
> > + return false;
>
> This also makes me think about some sort of OpenSSL problem.
>
> > return (
> > function_exists('openssl_encrypt')
> > && function_exists('openssl_decrypt')
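Review bot: The `return false;` added as the first statement of useOpenSSL() is unconditional, so the function_exists('openssl_encrypt') check below it becomes unreachable and the OpenSSL path is switched off for every installation, not only those that hit the key length error. That is a diagnostic workaround rather than a fix; to be mergeable it should be gated on a condition or a configuration setting, with the existing check left reachable.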
> > diff -ruN original/RELEASE-DATE-4.6.1
working/RELEASE-DATE-4.6.1
> > --- original/RELEASE-DATE-4.6.1
1970-01-01
01:00:00.000000000 +0100
> > +++ working/RELEASE-DATE-4.6.1
2016-05-02
17:24:00.000000000 +0200
> > @@ -0,0 +1 @@
> > +Mon May 2 21:23:35 UTC 2016
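Review bot: RELEASE-DATE-4.6.1 is unrelated to the SSL change and should be dropped from the patch; the `@@ -0,0 +1 @@` header shows the file exists only in the working tree, so it is a side effect of comparing the two directories with diff -ruN. Regenerate the diff so that it touches only DBIMysqli.php and AuthenticationCookie.php.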
> >
> > Regards,
> > Szabolcs
> >
> >
> > _______________________________________________
> > Developers mailing list
> > Developers(a)phpmyadmin.net
> > https://lists.phpmyadmin.net/mailman/listinfo/developers
>
> From phpinfo() could you please provide your OpenSSL version? Mine is
> 1.0.1k.
>
> From the main page of phpMyAdmin, could you please provide "Database
> client version", "PHP extension", and "PHP version" information? (Mine
> is libmysql - 5.5.49 / mysqli curl mbstring / 5.6.20-0+deb8u1 )
>
> Regards,
> Isaac
>
>
> 1 - http://board.phpbuilder.com/showthread.php?10383611-Connecting-PHP-and-MYSQ…
> 2 - https://bugs.mysql.com/bug.php?id=64870
>
_______________________________________________
Developers mailing list
Developers(a)phpmyadmin.net
https://lists.phpmyadmin.net/mailman/listinfo/developers
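
The thread turns on whether a mysqli connection configured for SSL really ends up encrypted. The following is an added example, not phpMyAdmin code and not part of any message above: it requests TLS with MYSQLI_CLIENT_SSL, calls mysqli_ssl_set() only when key or certificate material is supplied, and then refuses to proceed unless the server reports a negotiated cipher. The function name connect_require_tls() and the DB_HOST, DB_USER and DB_PASS environment variables are assumptions made for the example.

```php
<?php
// Added example, not phpMyAdmin code. Host, user and password are
// placeholders read from the environment (assumed variable names).

/**
 * Connect with TLS requested via MYSQLI_CLIENT_SSL and refuse to continue
 * unless the server reports a negotiated cipher for this session.
 * $ssl may hold 'key', 'cert', 'ca', 'capath', 'ciphers' (all optional).
 */
function connect_require_tls(string $host, string $user, string $pass, array $ssl = []): mysqli
{
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on errors
    $link = mysqli_init();

    if ($ssl) {
        // Only needed when key, certificate or CA material is configured.
        mysqli_ssl_set(
            $link,
            $ssl['key'] ?? null,
            $ssl['cert'] ?? null,
            $ssl['ca'] ?? null,
            $ssl['capath'] ?? null,
            $ssl['ciphers'] ?? null
        );
    }

    // The flag discussed in the thread: request TLS for this connection.
    mysqli_real_connect($link, $host, $user, $pass, null, 3306, null, MYSQLI_CLIENT_SSL);

    // An empty Ssl_cipher value means the session is not encrypted.
    $row = mysqli_query($link, "SHOW SESSION STATUS LIKE 'Ssl_cipher'")->fetch_assoc();
    if (empty($row['Value'])) {
        mysqli_close($link);
        throw new RuntimeException('Connection is not using TLS; refusing to continue.');
    }
    return $link;
}

// Runs only from the command line when DB_HOST is set.
if (PHP_SAPI === 'cli' && getenv('DB_HOST') !== false) {
    $link = connect_require_tls(getenv('DB_HOST'), (string) getenv('DB_USER'), (string) getenv('DB_PASS'));
    $row = mysqli_query($link, "SHOW SESSION STATUS LIKE 'Ssl_version'")->fetch_assoc();
    echo "TLS in use: ", $row['Value'], "\n";
}
```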