[Phpmyadmin-devel] Supporting SSL connections to MySQL

Marc Delisle marc at infomarc.info
Fri Sep 21 00:23:14 CEST 2012


Le 2012-09-19 20:27, Isaac Bennetch a écrit :
> On 9/19/2012 1:27 PM, Marc Delisle wrote:
>> Le 2012-09-19 13:10, Isaac Bennetch a écrit :
>>> Hi,
>>>
>>> While there is a configuration directive ($cfg['Servers'][$i]['ssl']) to
>>> use an SSL connection for connecting to the MySQL server[1], it doesn't
>>> seem to work. PHP requires a number of extra variables when initiating
>>> an SSL connection (certificate path, key file, etc). I think I've fixed
>>> up the existing code, but I don't have an ssl-enabled mysql install.
>>> Yeah, I'll probably eventually compile my own, but right now I don't
>>> have time for that.
>>>
>>> Is anyone in a position to test my branch?
>>> https://github.com/ibennetch/phpmyadmin.git in the ssl branch or
>>> https://github.com/ibennetch/phpmyadmin/zipball/ssl -- you'll want to
>>> refer to Documentation.html for the appropriate configuration options.
>>>
>>> Thanks
>>>
>>> 1 - not from the client to phpMyAdmin, that is ForceSSL and beyond the
>>> scope of what I'm talking about)
>>
>> Hi Isaac,
>> any particular MySQL version suggested for this test?
> 
> No, any MySQL (or variant such as MariaDB) that has ssl support compiled
> in should be valid for testing purposes. I'm sure I'll get around to
> compiling my own eventually, but hoped for a quick test in the meantime
> to see if I'm on the right track. Seems to me the groundwork was laid
> previously and there are just a few additional options that need to be
> configured...and, while we're discussing it on the list, making this
> feature work will require adding a few configuration options. Is that
> going to be acceptable?
> 
> Currently, we've already got $cfg['Servers'][$i]['ssl'] and my branch adds:
> $cfg['Servers'][$i]['ssl_key']
> $cfg['Servers'][$i]['ssl_cert']
> $cfg['Servers'][$i]['ssl_ca']
> $cfg['Servers'][$i]['ssl_ca_path']
> $cfg['Servers'][$i]['ssl_ciphers']
> 
> Which are all sort of explained in the PHP manual
> http://www.php.net/manual/en/mysqli.ssl-set.php ...anyone who has the
> wherewithal to enable only ssl connections probably knows where each of
> those items resides on their file system.
> 
> Regards,
> ~isaac

Isaac,
I have configured the server part but am not able to achieve a simple
SSL test connection via the mysql CLI ... so the following results might
mean nothing.

I get "Cannot log in to the MySQL server" with phpMyAdmin + your
modifications + the (hopefully) correct lines in config.inc.php.

-- 
Marc Delisle
http://infomarc.info




More information about the Developers mailing list