[Phpmyadmin-devel] Supporting SSL connections to MySQL
Isaac Bennetch
bennetch at gmail.com
Thu Sep 20 02:27:02 CEST 2012
On 9/19/2012 1:27 PM, Marc Delisle wrote:
> Le 2012-09-19 13:10, Isaac Bennetch a écrit :
>> Hi,
>>
>> While there is a configuration directive ($cfg['Servers'][$i]['ssl']) to
>> use an SSL connection for connecting to the MySQL server[1], it doesn't
>> seem to work. PHP requires a number of extra variables when initiating
>> an SSL connection (certificate path, key file, etc). I think I've fixed
>> up the existing code, but I don't have an ssl-enabled mysql install.
>> Yeah, I'll probably eventually compile my own, but right now I don't
>> have time for that.
>>
>> Is anyone in a position to test my branch?
>> https://github.com/ibennetch/phpmyadmin.git in the ssl branch or
>> https://github.com/ibennetch/phpmyadmin/zipball/ssl -- you'll want to
>> refer to Documentation.html for the appropriate configuration options.
>>
>> Thanks
>>
>> 1 - not from the client to phpMyAdmin, that is ForceSSL and beyond the
>> scope of what I'm talking about)
>
> Hi Isaac,
> any particular MySQL version suggested for this test?
No, any MySQL (or variant such as MariaDB) that has ssl support compiled
in should be valid for testing purposes. I'm sure I'll get around to
compiling my own eventually, but hoped for a quick test in the meantime
to see if I'm on the right track. Seems to me the groundwork was laid
previously and there are just a few additional options that need to be
configured...and, while we're discussing it on the list, making this
feature work will require adding a few configuration options. Is that
going to be acceptable?
Currently, we've already got $cfg['Servers'][$i]['ssl'] and my branch adds:
$cfg['Servers'][$i]['ssl_key']
$cfg['Servers'][$i]['ssl_cert']
$cfg['Servers'][$i]['ssl_ca']
$cfg['Servers'][$i]['ssl_ca_path']
$cfg['Servers'][$i]['ssl_ciphers']
Which are all sort of explained in the PHP manual
http://www.php.net/manual/en/mysqli.ssl-set.php ...anyone who has the
wherewithal to enable only ssl connections probably knows where each of
those items resides on their file system.
Regards,
~isaac
More information about the Developers
mailing list