[prev in list] [next in list] [prev in thread] [next in thread] 

List:       php-db
Subject:    [PHP-DB] MySQLi and SSL in FreeBSD
From:       Tobias_Franzén <lists.zxinn () otaking ! se>
Date:       2008-01-13 2:37:57
Message-ID: 47897985.60600 () otaking ! se
[Download RAW message or body]

Hi.

I'm trying to secure the connections to my MySQL server, since the MySQL 
server and most clients are on separate machines.
I'm running a few FreeBSD 5.5 machines under VMware Server 1.0.4.

I wrote a simple test script (I also tried it using the full mysqli_* 
functions):
<?php
$link = mysqli_init();
$link->real_connect("host","user","password",false,NULL,NULL,MYSQLI_CLIENT_SSL);
$res = $link->query("SHOW STATUS LIKE 'Ssl_cipher';");
print_r($res->fetch_row());
echo "Finished.";
?>

An equivalent script for plain old regular mysql_*:
<?php
$link = mysql_connect("host","user","password",false,MYSQL_CLIENT_SSL);
$res = mysql_query("SHOW STATUS LIKE 'Ssl_cipher';",$link);
print_r(mysql_fetch_row($res));
echo "Finished.";
?>

Executing this with the "php" or "php-cgi" binaries from the command 
line, I get an expected result like:
Array
(
    [0] => Ssl_cipher
    [1] => DHE-RSA-AES256-SHA
)
Finished.

The Ssl_cipher attribute will only have a non-empty value if a secure 
connection has been successful.

The problem I'm having, however, is that if I run this through Apache, 
using mod_php, the httpd server process crashes with Segmentation fault 
(11). Today I tracked down the crash to the closing of the mysqli 
connection. If I flush the output buffers, I can get all the data until 
the end of the script, or if I put a $link->close() or 
mysqli_close($link) then up to the line where I put that.

The history of my problem also has had a weird chain of events that I 
will try to explain. Three days ago, I was trying to use phpMyAdmin, 
connecting to my MySQL server with SSL, and it wouldn't let me log in 
without it crashing when I enabled it. So I tracked it to their database 
connection code, where I found it crashing if I let it run the 
mysqli_real_connect() line with the MYSQLI_CLIENT_SSL flag. If I instead 
of the SSL flag put in a call to mysqli_ssl_set() before 
mysqli_real_connect(), and pointing out my CA certificate, I would 
achieve an SSL connection without the crash. So I figured it was 
something to do with the MYSQLI_CLIENT_SSL flag. But I could not find 
anyone with a similar problem when searching in many different places.

So the next day when I got home from work I went to do some more 
phpMyAdmin trekkin', and once again it wouldn't let me log in. It had 
gone back to crashing even with the solution which was working the day 
before. And now for some reason, I can connect to the mysql server using 
SSL, but I get the crash when the connection is being closed instead.

Throughout the entire time the scripts have still worked flawlessly when 
being run via the "php" or "php-cgi" binaries, even when crashing when 
run via mod_php.

Tests on other systems:
Today I installed the latest binary packages of Apache 2.2.6 and PHP 
5.2.5 in a VM with Windows, and there I have no problems running the 
test script from Apache with mod_php.
I also installed another VM with FreeBSD 6.0 (as opposed to version 5.5 
in my regular VMs), and encountered the same segmentation fault crash in 
the same way as in the most recent testings in FreeBSD 5.5.

In FreeBSD I'm using Apache 2.2.6 and PHP 5.2.5, both compiled from the 
latest FreeBSD ports, with the only difference from default 
configuration being to build the PHP Apache module. MySQL, also compiled 
from the latest FreeBSD ports, is version 5.1.22 (both client and server 
on all machines).


Could this segmentation fault crash in some way be configuration 
related, or might there be some bug in mod_php on FreeBSD? If it's a 
bug, I will report it. I just want to make sure first. Maybe someone 
using FreeBSD and has some time to spare could verify if my error is 
related to FreeBSD in general, or to my FreeBSDs in particular.

/Zxinn

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[prev in list] [next in list] [prev in thread] [next in thread]