MySQLi and SSL in FreeBSD

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi.

I'm trying to secure the connections to my MySQL server, since the MySQL server and most clients are on separate machines.
I'm running a few FreeBSD 5.5 machines under VMware Server 1.0.4.

I wrote a simple test script (I also tried it using the full mysqli_* functions):
<?php
$link = mysqli_init();
$link->real_connect("host","user","password",false,NULL,NULL,MYSQLI_CLIENT_SSL);
$res = $link->query("SHOW STATUS LIKE 'Ssl_cipher';");
print_r($res->fetch_row());
echo "Finished.";
?>

An equivalent script for plain old regular mysql_*:
<?php
$link = mysql_connect("host","user","password",false,MYSQL_CLIENT_SSL);
$res = mysql_query("SHOW STATUS LIKE 'Ssl_cipher';",$link);
print_r(mysql_fetch_row($res));
echo "Finished.";
?>

Executing this with the "php" or "php-cgi" binaries from the command line, I get an expected result like:
Array
(
   [0] => Ssl_cipher
   [1] => DHE-RSA-AES256-SHA
)
Finished.

The Ssl_cipher attribute will only have a non-empty value if a secure connection has been successful.

The problem I'm having, however, is that if I run this through Apache, using mod_php, the httpd server process crashes with Segmentation fault (11). Today I tracked down the crash to the closing of the mysqli connection. If I flush the output buffers, I can get all the data until the end of the script, or if I put a $link->close() or mysqli_close($link) then up to the line where I put that.

The history of my problem also has had a weird chain of events that I will try to explain. Three days ago, I was trying to use phpMyAdmin, connecting to my MySQL server with SSL, and it wouldn't let me log in without it crashing when I enabled it. So I tracked it to their database connection code, where I found it crashing if I let it run the mysqli_real_connect() line with the MYSQLI_CLIENT_SSL flag. If I instead of the SSL flag put in a call to mysqli_ssl_set() before mysqli_real_connect(), and pointing out my CA certificate, I would achieve an SSL connection without the crash. So I figured it was something to do with the MYSQLI_CLIENT_SSL flag. But I could not find anyone with a similar problem when searching in many different places.

So the next day when I got home from work I went to do some more phpMyAdmin trekkin', and once again it wouldn't let me log in. It had gone back to crashing even with the solution which was working the day before. And now for some reason, I can connect to the mysql server using SSL, but I get the crash when the connection is being closed instead.

Throughout the entire time the scripts have still worked flawlessly when being run via the "php" or "php-cgi" binaries, even when crashing when run via mod_php.

Tests on other systems:
Today I installed the latest binary packages of Apache 2.2.6 and PHP 5.2.5 in a VM with Windows, and there I have no problems running the test script from Apache with mod_php. I also installed another VM with FreeBSD 6.0 (as opposed to version 5.5 in my regular VMs), and encountered the same segmentation fault crash in the same way as in the most recent testings in FreeBSD 5.5.

In FreeBSD I'm using Apache 2.2.6 and PHP 5.2.5, both compiled from the latest FreeBSD ports, with the only difference from default configuration being to build the PHP Apache module. MySQL, also compiled from the latest FreeBSD ports, is version 5.1.22 (both client and server on all machines).


Could this segmentation fault crash in some way be configuration related, or might there be some bug in mod_php on FreeBSD? If it's a bug, I will report it. I just want to make sure first. Maybe someone using FreeBSD and has some time to spare could verify if my error is related to FreeBSD in general, or to my FreeBSDs in particular.

/Zxinn

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]

  Powered by Linux