Hi,
While there is a configuration directive ($cfg['Servers'][$i]['ssl']) to use an SSL connection for connecting to the MySQL server[1], it doesn't seem to work. PHP requires a number of extra variables when initiating an SSL connection (certificate path, key file, etc). I think I've fixed up the existing code, but I don't have an ssl-enabled mysql install. Yeah, I'll probably eventually compile my own, but right now I don't have time for that.
Is anyone in a position to test my branch? https://github.com/ibennetch/phpmyadmin.git in the ssl branch or https://github.com/ibennetch/phpmyadmin/zipball/ssl -- you'll want to refer to Documentation.html for the appropriate configuration options.
Thanks
1 - not from the client to phpMyAdmin, that is ForceSSL and beyond the scope of what I'm talking about)
Le 2012-09-19 13:10, Isaac Bennetch a écrit :
Hi,
While there is a configuration directive ($cfg['Servers'][$i]['ssl']) to use an SSL connection for connecting to the MySQL server[1], it doesn't seem to work. PHP requires a number of extra variables when initiating an SSL connection (certificate path, key file, etc). I think I've fixed up the existing code, but I don't have an ssl-enabled mysql install. Yeah, I'll probably eventually compile my own, but right now I don't have time for that.
Is anyone in a position to test my branch? https://github.com/ibennetch/phpmyadmin.git in the ssl branch or https://github.com/ibennetch/phpmyadmin/zipball/ssl -- you'll want to refer to Documentation.html for the appropriate configuration options.
Thanks
1 - not from the client to phpMyAdmin, that is ForceSSL and beyond the scope of what I'm talking about)
Hi Isaac, any particular MySQL version suggested for this test?
On 9/19/2012 1:27 PM, Marc Delisle wrote:
Le 2012-09-19 13:10, Isaac Bennetch a écrit :
Hi,
While there is a configuration directive ($cfg['Servers'][$i]['ssl']) to use an SSL connection for connecting to the MySQL server[1], it doesn't seem to work. PHP requires a number of extra variables when initiating an SSL connection (certificate path, key file, etc). I think I've fixed up the existing code, but I don't have an ssl-enabled mysql install. Yeah, I'll probably eventually compile my own, but right now I don't have time for that.
Is anyone in a position to test my branch? https://github.com/ibennetch/phpmyadmin.git in the ssl branch or https://github.com/ibennetch/phpmyadmin/zipball/ssl -- you'll want to refer to Documentation.html for the appropriate configuration options.
Thanks
1 - not from the client to phpMyAdmin, that is ForceSSL and beyond the scope of what I'm talking about)
Hi Isaac, any particular MySQL version suggested for this test?
No, any MySQL (or variant such as MariaDB) that has ssl support compiled in should be valid for testing purposes. I'm sure I'll get around to compiling my own eventually, but hoped for a quick test in the meantime to see if I'm on the right track. Seems to me the groundwork was laid previously and there are just a few additional options that need to be configured...and, while we're discussing it on the list, making this feature work will require adding a few configuration options. Is that going to be acceptable?
Currently, we've already got $cfg['Servers'][$i]['ssl'] and my branch adds: $cfg['Servers'][$i]['ssl_key'] $cfg['Servers'][$i]['ssl_cert'] $cfg['Servers'][$i]['ssl_ca'] $cfg['Servers'][$i]['ssl_ca_path'] $cfg['Servers'][$i]['ssl_ciphers']
Which are all sort of explained in the PHP manual http://www.php.net/manual/en/mysqli.ssl-set.php ...anyone who has the wherewithal to enable only ssl connections probably knows where each of those items resides on their file system.
Regards, ~isaac
Isaac Bennetch a écrit :
On 9/19/2012 1:27 PM, Marc Delisle wrote:
Le 2012-09-19 13:10, Isaac Bennetch a écrit :
Hi,
While there is a configuration directive ($cfg['Servers'][$i]['ssl']) to use an SSL connection for connecting to the MySQL server[1], it doesn't seem to work. PHP requires a number of extra variables when initiating an SSL connection (certificate path, key file, etc). I think I've fixed up the existing code, but I don't have an ssl-enabled mysql install. Yeah, I'll probably eventually compile my own, but right now I don't have time for that.
Is anyone in a position to test my branch? https://github.com/ibennetch/phpmyadmin.git in the ssl branch or https://github.com/ibennetch/phpmyadmin/zipball/ssl -- you'll want to refer to Documentation.html for the appropriate configuration options.
Thanks
1 - not from the client to phpMyAdmin, that is ForceSSL and beyond the scope of what I'm talking about)
Hi Isaac, any particular MySQL version suggested for this test?
No, any MySQL (or variant such as MariaDB) that has ssl support compiled in should be valid for testing purposes. I'm sure I'll get around to compiling my own eventually, but hoped for a quick test in the meantime to see if I'm on the right track. Seems to me the groundwork was laid previously and there are just a few additional options that need to be configured...and, while we're discussing it on the list, making this feature work will require adding a few configuration options. Is that going to be acceptable?
Currently, we've already got $cfg['Servers'][$i]['ssl'] and my branch adds: $cfg['Servers'][$i]['ssl_key'] $cfg['Servers'][$i]['ssl_cert'] $cfg['Servers'][$i]['ssl_ca'] $cfg['Servers'][$i]['ssl_ca_path'] $cfg['Servers'][$i]['ssl_ciphers']
Which are all sort of explained in the PHP manual http://www.php.net/manual/en/mysqli.ssl-set.php ...anyone who has the wherewithal to enable only ssl connections probably knows where each of those items resides on their file system.
Regards, ~isaac
I'm setting up my SSL environment and will get back to you.
Le 2012-09-19 20:27, Isaac Bennetch a écrit :
On 9/19/2012 1:27 PM, Marc Delisle wrote:
Le 2012-09-19 13:10, Isaac Bennetch a écrit :
Hi,
While there is a configuration directive ($cfg['Servers'][$i]['ssl']) to use an SSL connection for connecting to the MySQL server[1], it doesn't seem to work. PHP requires a number of extra variables when initiating an SSL connection (certificate path, key file, etc). I think I've fixed up the existing code, but I don't have an ssl-enabled mysql install. Yeah, I'll probably eventually compile my own, but right now I don't have time for that.
Is anyone in a position to test my branch? https://github.com/ibennetch/phpmyadmin.git in the ssl branch or https://github.com/ibennetch/phpmyadmin/zipball/ssl -- you'll want to refer to Documentation.html for the appropriate configuration options.
Thanks
1 - not from the client to phpMyAdmin, that is ForceSSL and beyond the scope of what I'm talking about)
Hi Isaac, any particular MySQL version suggested for this test?
No, any MySQL (or variant such as MariaDB) that has ssl support compiled in should be valid for testing purposes. I'm sure I'll get around to compiling my own eventually, but hoped for a quick test in the meantime to see if I'm on the right track. Seems to me the groundwork was laid previously and there are just a few additional options that need to be configured...and, while we're discussing it on the list, making this feature work will require adding a few configuration options. Is that going to be acceptable?
Currently, we've already got $cfg['Servers'][$i]['ssl'] and my branch adds: $cfg['Servers'][$i]['ssl_key'] $cfg['Servers'][$i]['ssl_cert'] $cfg['Servers'][$i]['ssl_ca'] $cfg['Servers'][$i]['ssl_ca_path'] $cfg['Servers'][$i]['ssl_ciphers']
Which are all sort of explained in the PHP manual http://www.php.net/manual/en/mysqli.ssl-set.php ...anyone who has the wherewithal to enable only ssl connections probably knows where each of those items resides on their file system.
Regards, ~isaac
Isaac, I have configured the server part but am not able to achieve a simple SSL test connection via the mysql CLI ... so the following results might mean nothing.
I get "Cannot log in to the MySQL server" with phpMyAdmin + your modifications + the (hopefully) correct lines in config.inc.php.
-
Isaac Bennetch -
Marc Delisle