Hi.
I'm trying to secure the connections to my MySQL server, since the MySQL
server and most clients are on separate machines.
I'm running a few FreeBSD 5.5 machines under VMware Server 1.0.4.
I wrote a simple test script (I also tried it using the full mysqli_*
functions):
<?php
$link = mysqli_init();
$link->real_connect("host","user","password",false,NULL,NULL,MYSQLI_CLIENT_SSL);
$res = $link->query("SHOW STATUS LIKE 'Ssl_cipher';");
print_r($res->fetch_row());
echo "Finished.";
?>
An equivalent script for plain old regular mysql_*:
<?php
$link = mysql_connect("host","user","password",false,MYSQL_CLIENT_SSL);
$res = mysql_query("SHOW STATUS LIKE 'Ssl_cipher';",$link);
print_r(mysql_fetch_row($res));
echo "Finished.";
?>
Executing this with the "php" or "php-cgi" binaries from the command
line, I get an expected result like:
Array
(
[0] => Ssl_cipher
[1] => DHE-RSA-AES256-SHA
)
Finished.
The Ssl_cipher attribute will only have a non-empty value if a secure
connection has been successful.
The problem I'm having, however, is that if I run this through Apache,
using mod_php, the httpd server process crashes with Segmentation fault
(11). Today I tracked down the crash to the closing of the mysqli
connection. If I flush the output buffers, I can get all the data until
the end of the script, or if I put a $link->close() or
mysqli_close($link) then up to the line where I put that.
The history of my problem also has had a weird chain of events that I
will try to explain. Three days ago, I was trying to use phpMyAdmin,
connecting to my MySQL server with SSL, and it wouldn't let me log in
without it crashing when I enabled it. So I tracked it to their database
connection code, where I found it crashing if I let it run the
mysqli_real_connect() line with the MYSQLI_CLIENT_SSL flag. If I instead
of the SSL flag put in a call to mysqli_ssl_set() before
mysqli_real_connect(), and pointing out my CA certificate, I would
achieve an SSL connection without the crash. So I figured it was
something to do with the MYSQLI_CLIENT_SSL flag. But I could not find
anyone with a similar problem when searching in many different places.
So the next day when I got home from work I went to do some more
phpMyAdmin trekkin', and once again it wouldn't let me log in. It had
gone back to crashing even with the solution which was working the day
before. And now for some reason, I can connect to the mysql server using
SSL, but I get the crash when the connection is being closed instead.
Throughout the entire time the scripts have still worked flawlessly when
being run via the "php" or "php-cgi" binaries, even when crashing when
run via mod_php.
Tests on other systems:
Today I installed the latest binary packages of Apache 2.2.6 and PHP
5.2.5 in a VM with Windows, and there I have no problems running the
test script from Apache with mod_php.
I also installed another VM with FreeBSD 6.0 (as opposed to version 5.5
in my regular VMs), and encountered the same segmentation fault crash in
the same way as in the most recent testings in FreeBSD 5.5.
In FreeBSD I'm using Apache 2.2.6 and PHP 5.2.5, both compiled from the
latest FreeBSD ports, with the only difference from default
configuration being to build the PHP Apache module. MySQL, also compiled
from the latest FreeBSD ports, is version 5.1.22 (both client and server
on all machines).
Could this segmentation fault crash in some way be configuration
related, or might there be some bug in mod_php on FreeBSD? If it's a
bug, I will report it. I just want to make sure first. Maybe someone
using FreeBSD and has some time to spare could verify if my error is
related to FreeBSD in general, or to my FreeBSDs in particular.
/Zxinn
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
