[horde] Mysql ssl connection problem
Arjen de Korte
arjen+horde at de-korte.org
Sun Feb 16 11:44:10 UTC 2014
Quoting woj woj <wojnas at gmail.com>:
> Maybe someone could help me and tell me how to try to debug the problem?
Please do not top post.
> In connection settings I have SSL on, and the path to the CA certificate.
Is SSL enabled on your MySQL server? What is the output of
SHOW VARIABLES LIKE 'have_ssl';
in an SQL shell?
> In the logs there is no error, but when I check the transmission on the target host with tcpdump
> the conversation is in clear text.
> 2014-02-14 12:06 GMT+01:00 woj woj <wojnas at gmail.com>:
>
>>
>>
>>
>> 2014-02-14 11:54 GMT+01:00 Jan Schneider <jan at horde.org>:
>>
>>
>>> Quoting woj woj <wojnas at gmail.com>:
>>>
>>>
>>> 2014-02-14 10:02 GMT+01:00 Michael M Slusarz <slusarz at horde.org>:
>>>>
>>>> Quoting woj woj <wojnas at gmail.com>:
>>>>>
>>>>> 2014-02-14 9:38 GMT+01:00 Arjen de Korte <arjen+horde at de-korte.org>:
>>>>>
>>>>>>
>>>>>> Quoting woj woj <wojnas at gmail.com>:
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> I got a problem with the SSL connection to the MySQL server.
>>>>>>>> It is a different server for changing passwords.
>>>>>>>> I checked the horde and httpd logs, and everything is all right.
>>>>>>>> I also checked the SSL connection to MySQL and it's OK.
>>>>>>>> Certificate is readable by httpd user
>>>>>>>>
>>>>>>>> Here is my config/config.local.php
>>>>>>>>
>>>>>>>>
>>>>>>>> What file is this? As far as I know, the only config/config.php
>>>>>>> file used
>>>>>>> by horde is under admin/config/config.php, but this does not contain
>>>>>>> variables you can override. So what are you attempting to do here?
>>>>>>>
>>>>>>>
>>>>>>> <?php
>>>>>>>
>>>>>>> $conf['wsql']['username'] = 'username';
>>>>>>>> $conf['wsql']['password'] = 'password';
>>>>>>>> $conf['wsql']['hostspec'] = 'srv_addres';
>>>>>>>> $conf['wsql']['port'] = 3306;
>>>>>>>> $conf['wsql']['protocol'] = 'tcp';
>>>>>>>> $conf['wsql']['database'] = 'databasename';
>>>>>>>> $conf['wsql']['charset'] = 'utf-8';
>>>>>>>> $conf['wsql']['ssl'] = true;
>>>>>>>> $conf['wsql']['ca'] = '/patch/to/cert.pem';
>>>>>>>>
>>>>>>>>
>>>>>>>> A certification authority (that's what the 'ca' probably stands
>>>>>>> for) is
>>>>>>> not the same as a client certificate. I'm not even sure Horde is able
>>>>>>> to
>>>>>>> use client certificates for authentication to a Sql server.
>>>>>>>
>>>>>>>
>>>>>>> $conf['wsql']['splitread'] = false;
>>>>>>>
>>>>>>> $conf['wsql']['phptype'] = 'mysql';
>>>>>>>>
>>>>>>>>
>>>>>>>> Where is the 'wsql' from? I can't find any references to that in
>>>>>>> Horde.
>>>>>>>
>>>>>>>
>>>>>>> P.s. I checked transmission by tcpdump, and everything is in
>>>>>>> cleartext
>>>>>>>
>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>> --
>>>>>>> Horde mailing list
>>>>>>> Frequently Asked Questions: http://horde.org/faq/
>>>>>>> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>>>>>>>
>>>>>>>
>>>>>>> Arjen thanks for your answer.
>>>>>>>
>>>>>>
>>>>>> I have two mysql databases:
>>>>>> 1. Localhost database for horde (no ssl).
>>>>>> 2. Remote database on different host to reset passwords and activate
>>>>>> vacations. (ssl is mandatory)
>>>>>>
>>>>>> I create file config.local.php in horde/config/ with definition for
>>>>>> new
>>>>>> variable for connection to different host.
>>>>>>
>>>>>>
>>>>> Horde does not read any config.local.php file. So that's not going to
>>>>> do
>>>>> anything.
>>>>>
>>>>>
>>>>> In passwd configuration I use my own variable $GLOBALS['conf']['wsql']
>>>>> for
>>>>>
>>>>>> configuration, and everything works ok, except ssl connection.
>>>>>>
>>>>>> $conf['wsql']['ca'] = is the path to the bundle CA certificate.
>>>>>>
>>>>>>
>>>>> This won't work either. You configure a Passwd SQL backend in the
>>>>> passwd/config/backends.local.php file.
>>>>>
>>>>> You can't just start adding random config options to a configuration
>>>>> file
>>>>> and expect them to do anything.
>>>>>
>>>>> michael
>>>>> --
>>>>>
>>>>> ___________________________________
>>>>> Michael Slusarz [slusarz at horde.org]
>>>>>
>>>>>
>>>>
>>>> Ok, I understand.
>>>> I put everything in passwd/config/backends.local.php
>>>>
>>>> Result is the same - any ideas ?
>>>>
>>>> <?php
>>>> $backends['sql'] = array(
>>>> 'disabled' => false,
>>>> 'name' => 'Postfix SQL Authentication',
>>>> 'driver' => 'Sql',
>>>> 'policy' => array(
>>>> 'minLength' => 8,
>>>> 'minNumeric' => 1,
>>>> 'minUpper' => 1,
>>>> 'minLower' => 1,
>>>> 'minSymbol' => 1,
>>>> ),
>>>> 'params' => array(
>>>> 'phptype' => 'mysql',
>>>> 'hostspec' => 'srv_addres',
>>>> 'username' => 'username',
>>>> 'password' => 'password',
>>>> 'port' => '3306',
>>>> 'protocol' => 'tcp',
>>>> 'database' => 'databasename',
>>>> 'charset' => 'utf-8',
>>>> 'ssl' => true,
>>>> 'ca' => '/patch/to/ca-bundle.pem',
>>>> 'table' => 'tabelname',
>>>> 'user_col' => 'username',
>>>> 'pass_col' => 'password',
>>>> 'show_encryption' => false,
>>>> 'encryption' => 'crypt-md5',
>>>> ),
>>>> 'logout' => true,
>>>> );
>>>>
>>>
>>> Unless I missed something you didn't even say what your problem is.
>>> --
>>> Jan Schneider
>>> The Horde Project
>>> http://www.horde.org/
>>> https://www.facebook.com/hordeproject
>>>
>>>
>>
>> Of course - I checked transmission by tcpdump, on my mysql server and
>> everything is in cleartext.
>>
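One way to run the check asked for in the reply above from PHP itself, so the result reflects the web server's MySQL client library rather than the mysql command-line client. This is an added example, not part of the original thread and not Horde's code; it uses PDO, and the DB_* environment variable names are assumptions.

```php
<?php
// Added example: verify from the web server's PHP runtime whether a MySQL
// session is really TLS-protected. Host, credentials and CA path are
// placeholders read from environment variables (names are assumptions).

function tls_status(PDO $db): array
{
    // Server capability, as asked for in the reply above.
    $have = $db->query("SHOW VARIABLES LIKE 'have_ssl'")->fetch(PDO::FETCH_NUM);
    // Cipher negotiated for *this* session; an empty value means cleartext.
    $cipher = $db->query("SHOW SESSION STATUS LIKE 'Ssl_cipher'")->fetch(PDO::FETCH_NUM);

    return [
        'server_have_ssl' => $have ? $have[1] : 'unknown',
        'session_cipher'  => $cipher ? $cipher[1] : '',
    ];
}

$dsn = sprintf('mysql:host=%s;port=3306;dbname=%s', getenv('DB_HOST'), getenv('DB_NAME'));
$options = [
    PDO::ATTR_ERRMODE      => PDO::ERRMODE_EXCEPTION,
    // Supplying a CA file asks the client library to negotiate TLS.
    PDO::MYSQL_ATTR_SSL_CA => getenv('DB_CA'),
];

try {
    $db = new PDO($dsn, getenv('DB_USER'), getenv('DB_PASS'), $options);
} catch (PDOException $e) {
    fwrite(STDERR, 'Connection failed: ' . $e->getMessage() . "\n");
    exit(2);
}

$status = tls_status($db);
printf("have_ssl=%s Ssl_cipher=%s\n", $status['server_have_ssl'], $status['session_cipher']);

if ($status['session_cipher'] === '') {
    // Same finding as the tcpdump capture: the session is not encrypted.
    fwrite(STDERR, "Session is NOT encrypted\n");
    exit(1);
}
```

Run it as the httpd user so certificate file permissions are exercised too. On the server side, an account granted with `REQUIRE SSL` makes a cleartext login fail instead of silently succeeding.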