[horde] Mysql ssl connection problem

woj woj wojnas at gmail.com
Sun Feb 16 10:37:36 UTC 2014 

Maybe someone could help me and tell howto try debug the problem?
In connection settings i  have ssl on, and patch to ca certificate.
In logs is no error, but when i check transmision on target host by tcpdump
conversation is in clear text.


2014-02-14 12:06 GMT+01:00 woj woj <wojnas at gmail.com>:

>
>
>
> 2014-02-14 11:54 GMT+01:00 Jan Schneider <jan at horde.org>:
>
>
>> Zitat von woj woj <wojnas at gmail.com>:
>>
>>
>>  2014-02-14 10:02 GMT+01:00 Michael M Slusarz <slusarz at horde.org>:
>>>
>>>  Quoting woj woj <wojnas at gmail.com>:
>>>>
>>>>  2014-02-14 9:38 GMT+01:00 Arjen de Korte <arjen+horde at de-korte.org>:
>>>>
>>>>>
>>>>>  Citeren woj woj <wojnas at gmail.com>:
>>>>>
>>>>>>
>>>>>>
>>>>>>  Hello,
>>>>>>
>>>>>>  i got problem with ssl connection to mysql server.
>>>>>>> It is different server for changing passwords.
>>>>>>> I checked horde and httpd log, and everything is allright.
>>>>>>> I also checked ssl connection to mysql and its ok.
>>>>>>> Certificate is readable by httpd user
>>>>>>>
>>>>>>> Here is my config/config.local.php
>>>>>>>
>>>>>>>
>>>>>>>  What file is this? As far as I know, the only config/config.php
>>>>>> file used
>>>>>> by horde is under admin/config/config.php, but this does not contain
>>>>>> variables you can override. So what are you attempting to do here?
>>>>>>
>>>>>>
>>>>>>  <?php
>>>>>>
>>>>>>  $conf['wsql']['username'] = 'username';
>>>>>>> $conf['wsql']['password'] = 'password';
>>>>>>> $conf['wsql']['hostspec'] = 'srv_addres';
>>>>>>> $conf['wsql']['port'] = 3306;
>>>>>>> $conf['wsql']['protocol'] = 'tcp';
>>>>>>> $conf['wsql']['database'] = 'databasename';
>>>>>>> $conf['wsql']['charset'] = 'utf-8';
>>>>>>> $conf['wsql']['ssl'] = true;
>>>>>>> $conf['wsql']['ca'] = '/patch/to/cert.pem';
>>>>>>>
>>>>>>>
>>>>>>>  A certification authority (that's what the 'ca' probably stands
>>>>>> for) is
>>>>>> not the same as a client certificate. I'm not even sure Horde is able
>>>>>> to
>>>>>> use client certificates for authentication to a Sql server.
>>>>>>
>>>>>>
>>>>>>  $conf['wsql']['splitread'] = false;
>>>>>>
>>>>>>  $conf['wsql']['phptype'] = 'mysql';
>>>>>>>
>>>>>>>
>>>>>>>  Where is the 'wsql' from? I can't find any references to that in
>>>>>> Horde.
>>>>>>
>>>>>>
>>>>>>  P.s. I checked transmission by tcpdump, and everything is in
>>>>>> cleartext
>>>>>>
>>>>>>
>>>>>>>
>>>>>>>
>>>>>> --
>>>>>> Horde mailing list
>>>>>> Frequently Asked Questions: http://horde.org/faq/
>>>>>> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>>>>>>
>>>>>>
>>>>>>  Arjen thanks for your answer.
>>>>>>
>>>>>
>>>>> I have two mysql databases:
>>>>> 1. Localhost database for horde (no ssl).
>>>>> 2. Remote database on different host to reset passwords and activate
>>>>> vacations. (ssl is mandatory)
>>>>>
>>>>> I create file config.local.php in horde/config/  with definition for
>>>>> new
>>>>> variable for connection to different host.
>>>>>
>>>>>
>>>> Horde does not read any config.local.php file.  So that's not going to
>>>> do
>>>> anything.
>>>>
>>>>
>>>>  In passwd configuration I use my on varibble $GLOBALS['conf']['wsql']
>>>> for
>>>>
>>>>> configuration, and everything works ok, except ssl connection.
>>>>>
>>>>> $conf['wsql']['ca'] = is patch to bundle ca certificate.
>>>>>
>>>>>
>>>> This won't work either.  You configure a Passwd SQL backend in the
>>>> passwd/config/backends.local.php file.
>>>>
>>>> You can't just start adding random config options to a configuration
>>>> file
>>>> and expect them to do anything.
>>>>
>>>> michael
>>>> --
>>>>
>>>> ___________________________________
>>>> Michael Slusarz [slusarz at horde.org]
>>>>
>>>>
>>>> --
>>>> Horde mailing list
>>>> Frequently Asked Questions: http://horde.org/faq/
>>>> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>>>>
>>>>
>>>
>>> Ok, I understand.
>>> I put everything in passwd/config/backends.local.php
>>>
>>> Result is the same - any ideas ?
>>>
>>> <?php
>>>     $backends['sql'] = array(
>>>     'disabled' => false,
>>>     'name' => 'Postfix SQL Authentication',
>>>     'driver' => 'Sql',
>>>     'policy' => array(
>>>         'minLength' => 8,
>>>         'minNumeric' => 1,
>>>         'minUpper' => 1,
>>>         'minLower' => 1,
>>>         'minSymbol' => 1,
>>>     ),
>>>     'params' => array(
>>>                         'phptype' => 'mysql',
>>>                         'hostspec' => 'srv_addres',
>>>                         'username' => 'username',
>>>                         'password' => 'password',
>>>                         'port' => '3306',
>>>                         'protocol' => 'tcp',
>>>                         'database' => 'databasename',
>>>                         'charset' => 'utf-8',
>>>                         'ssl' => true,
>>>                         'ca' => '/patch/to/ca-bundle.pem',
>>>             'table' => 'tabelname',
>>>             'user_col' => 'username',
>>>             'pass_col' => 'password',
>>>             'show_encryption' => false,
>>>             'encryption' => 'crypt-md5',
>>>     ),
>>>     'logout' => true,
>>> );
>>>
>>
>> Unless I missed something you didn't even say what your problem is.
>> --
>> Jan Schneider
>> The Horde Project
>> http://www.horde.org/
>> https://www.facebook.com/hordeproject
>>
>>
>> --
>> Horde mailing list
>> Frequently Asked Questions: http://horde.org/faq/
>> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>>
>
> Of course  - I checked transmission by tcpdump, on my mysql server and
> everything is in cleartext.
>

More information about the horde mailing list