[horde] Mysql ssl connection problem

Erling Preben Hansen erling at eph.dk
Sun Feb 16 12:20:32 UTC 2014


  Quoting Arjen de Korte <arjen+horde at de-korte.org>:

> Quoting woj woj <wojnas at gmail.com>:
>
>> Maybe someone could help me and tell me how to try to debug the problem?
>
> Please do not top post.
>
>> In connection settings I have ssl on, and path to ca certificate.
>
> Is SSL enabled on your MySQL server? What is the output of
>
>   SHOW VARIABLES LIKE 'have_ssl';
>
> in an SQL shell?
>
>> In logs there is no error, but when I check transmission on target host by
>> tcpdump, conversation is in clear text.
>
>> 2014-02-14 12:06 GMT+01:00 woj woj <wojnas at gmail.com>:
>>
>>> 2014-02-14 11:54 GMT+01:00 Jan Schneider <jan at horde.org>:
>>>
>>>> Quoting woj woj <wojnas at gmail.com>:
>>>>
>>>> 2014-02-14 10:02 GMT+01:00 Michael M Slusarz <slusarz at horde.org>:
>>>>> Quoting woj woj <wojnas at gmail.com>:
>>>>>> 2014-02-14 9:38 GMT+01:00 Arjen de Korte <arjen+horde at de-korte.org>:
>>>>>>
>>>>>>> Quoting woj woj <wojnas at gmail.com>:
>>>>>>>
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> I got a problem with ssl connection to mysql server.
>>>>>>>>> It is different server for changing passwords.
>>>>>>>>> I checked horde and httpd log, and everything is all right.
>>>>>>>>> I also checked ssl connection to mysql and it's ok.
>>>>>>>>> Certificate is readable by httpd user
>>>>>>>>>
>>>>>>>>> Here is my config/config.local.php
>>>>>>>>>
>>>>>>>>> What file is this? As far as I know, the only config/config.php
>>>>>>>>
>>>>>>>> file used
>>>>>>>> by horde is under admin/config/config.php, but this does not
>>>>>>>> contain
>>>>>>>> variables you can override. So what are you attempting to do here?
>>>>>>>>
>>>>>>>> <?php
>>>>>>>>
>>>>>>>> $conf['wsql']['username'] = 'username';
>>>>>>>>> $conf['wsql']['password'] = 'password';
>>>>>>>>> $conf['wsql']['hostspec'] = 'srv_addres';
>>>>>>>>> $conf['wsql']['port'] = 3306;
>>>>>>>>> $conf['wsql']['protocol'] = 'tcp';
>>>>>>>>> $conf['wsql']['database'] = 'databasename';
>>>>>>>>> $conf['wsql']['charset'] = 'utf-8';
>>>>>>>>> $conf['wsql']['ssl'] = true;
>>>>>>>>> $conf['wsql']['ca'] = '/patch/to/cert.pem';
>>>>>>>>>
>>>>>>>>> A certification authority (that's what the 'ca' probably stands
>>>>>>>>
>>>>>>>> for) is
>>>>>>>> not the same as a client certificate. I'm not even sure Horde is
>>>>>>>> able
>>>>>>>> to
>>>>>>>> use client certificates for authentication to a Sql server.
>>>>>>>>
>>>>>>>> $conf['wsql']['splitread'] = false;
>>>>>>>>
>>>>>>>> $conf['wsql']['phptype'] = 'mysql';
>>>>>>>>> Where is the 'wsql' from? I can't find any references to that in
>>>>>>>>
>>>>>>>> Horde.
>>>>>>>>
>>>>>>>> P.s. I checked transmission by tcpdump, and everything is in
>>>>>>>> cleartext
>>>>>>>>
>>>>>>>>>  
>>>>>>>>
>>>>>>>> --
>>>>>>>> Horde mailing list
>>>>>>>> Frequently Asked Questions: http://horde.org/faq/
>>>>>>>> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>>>>>>>>
>>>>>>>> Arjen thanks for your answer.
>>>>>>>
>>>>>>> I have two mysql databases:
>>>>>>> 1. Localhost database for horde (no ssl).
>>>>>>> 2. Remote database on different host to reset passwords and activate
>>>>>>> vacations. (ssl is mandatory)
>>>>>>>
>>>>>>> I create file config.local.php in horde/config/ with definition for
>>>>>>> new variable for connection to different host.
>>>>>>>  
>>>>>>
>>>>>> Horde does not read any config.local.php file.  So that's not going
>>>>>> to do anything.
>>>>>>
>>>>>>> In passwd configuration I use my own variable $GLOBALS['conf']['wsql'] for
>>>>>>> configuration, and everything works ok, except ssl connection.
>>>>>>>
>>>>>>> $conf['wsql']['ca'] = is path to bundle ca certificate.
>>>>>>>  
>>>>>>
>>>>>> This won't work either.  You configure a Passwd SQL backend in the
>>>>>> passwd/config/backends.local.php file.
>>>>>>
>>>>>> You can't just start adding random config options to a configuration
>>>>>> file and expect them to do anything.
>>>>>>
>>>>>> michael
>>>>>> --
>>>>>>
>>>>>> ___________________________________
>>>>>> Michael Slusarz [slusarz at horde.org]
>>>>>>
>>>>>
>>>>> Ok, I understand.
>>>>> I put everything in passwd/config/backends.local.php
>>>>>
>>>>> Result is the same - any ideas ?
>>>>>
>>>>> <?php
>>>>>    $backends['sql'] = array(
>>>>>    'disabled' => false,
>>>>>    'name' => 'Postfix SQL Authentication',
>>>>>    'driver' => 'Sql',
>>>>>    'policy' => array(
>>>>>        'minLength' => 8,
>>>>>        'minNumeric' => 1,
>>>>>        'minUpper' => 1,
>>>>>        'minLower' => 1,
>>>>>        'minSymbol' => 1,
>>>>>    ),
>>>>>    'params' => array(
>>>>>                        'phptype' => 'mysql',
>>>>>                        'hostspec' => 'srv_addres',
>>>>>                        'username' => 'username',
>>>>>                        'password' => 'password',
>>>>>                        'port' => '3306',
>>>>>                        'protocol' => 'tcp',
>>>>>                        'database' => 'databasename',
>>>>>                        'charset' => 'utf-8',
>>>>>                        'ssl' => true,
>>>>>                        'ca' => '/patch/to/ca-bundle.pem',
>>>>>            'table' => 'tabelname',
>>>>>            'user_col' => 'username',
>>>>>            'pass_col' => 'password',
>>>>>            'show_encryption' => false,
>>>>>            'encryption' => 'crypt-md5',
>>>>>    ),
>>>>>    'logout' => true,
>>>>> );
>>>>
>>>> Unless I missed something you didn't even say what your problem is.
>>>> --
>>>> Jan Schneider
>>>> The Horde Project
>>>> http://www.horde.org/
>>>> https://www.facebook.com/hordeproject
>>>>
>>>
>>> Of course - I checked transmission by tcpdump on my mysql server, and
>>> everything is in cleartext.
>>

> Does your sql user have "require ssl" set?
>
> Take a look at this:
> https://dev.mysql.com/doc/refman/5.0/en/ssl-connections.html
>
> /erling
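
Added example, not part of the original thread: the server-side checks the replies above point to, as they would be typed in an SQL shell on the remote MySQL server. The account name 'username' is the placeholder from the posted config, 'client_host' is an assumed placeholder for the Horde host, and the GRANT ... REQUIRE SSL form is the MySQL 5.x syntax covered by the linked manual page.

```sql
-- 1. Server side: is SSL support available at all?
--    YES      = compiled in and a certificate/key is configured
--    DISABLED = compiled in, but the server was started without SSL options
--    NO       = not compiled in
SHOW VARIABLES LIKE 'have_ssl';

-- 2. Account side: does this login require SSL?
--    An empty ssl_type means the server also accepts cleartext logins
--    for the account, so a client that never negotiates SSL still
--    connects and nothing is logged as an error.
SELECT user, host, ssl_type
  FROM mysql.user
 WHERE user = 'username';

-- 3. Enforce it on the server. USAGE leaves the account's existing
--    privileges untouched and only adds the SSL requirement.
--    'client_host' is a placeholder for the host Horde connects from.
GRANT USAGE ON *.* TO 'username'@'client_host' REQUIRE SSL;

-- 4. Verify from inside a client session opened with SSL options.
--    A non-empty Value names the negotiated cipher; an empty Value
--    means this session is not encrypted.
SHOW SESSION STATUS LIKE 'Ssl_cipher';
```

With the requirement set, a client that does not negotiate SSL is refused at login, so a misconfigured client shows up as an access-denied error instead of as cleartext in a packet capture.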

