I've compiled OpenSSL 1.0.2h into /usr/local/openssl on a MySQL 5.7.13 Server, using the following code:
tar xvzf openssl-1.0.2h.tar.gz -C /usr/local
cd /usr/local/openssl-1.0.2h
./config --prefix=/usr/local/openssl shared
make depend
make
make install
After, I configured MySQL with:
cmake . -DMYSQL_DATADIR=/usr/local/mysql/dat -DWITH-SSL=/usr/local/openssl
When MySQL starts for the first time, it creates eight key/cert (.pem) files within that /dat directory:
ca.pem
ca-key.pem
client-cert.pem
client-key.pem
private_key.pem
public_key.pem
server-cert.pem
server-key.pem
From within MySQL Workbench, I can see that SSL is on in the Available Server Features:
SSL Availability On (Green Dot)
And that the SHA256/SSL files are identified in the Authentication section:
SHA256 password private key: private_key.pem
SHA256 password public key: public_key.pem
SSL CA: ca.pem
SSL CA path: n/a
SSL Cert: server-cert.pem
SSL CRL: n/a
SSL CRL path: n/a
SSL Key: server-key.pem
From the Users and Privileges section in Workbench I have created two test users:
'user_standard'#'%' picking Standard for Authentication Type
'user_sha256'#'%' picking SHA256 Password for Authentication Type
In my my.cnf file I specify the following:
[client]
ssl-ca = /usr/local/mysql/dat/ca.pem
ssl-cert = /usr/local/mysql/dat/client-cert.pem
ssl-key = /usr/local/mysql/dat/client-key.pem
[mysqld]
ssl-ca = /usr/local/mysql/dat/ca.pem
ssl-cert = /usr/local/mysql/dat/server-cert.pem
ssl-key = /usr/local/mysql/dat/server-key.pem
ssl-cipher = DHE-RSA-AES256-SHA
The "status" of the MySQL Server is as follows:
mysql> status
--------------
./bin/mysql Ver 14.14 Distrib 5.7.13, for Linux (x86_64) using EditLine wrapper
Connection id: 4
Current database: mysql
SSL: Cipher in use is DHE-RSA-AES256-SHA
Current page: stdout
Using outfile: ''
Using delimiter: ;
Server version: 5.7.13-debug-log Source distribution
Protocol version: 10
Connection: Localhost via UNIX socket
Server characterset: utf8
Db characterset: utf8
Client characterset: utf8
Conn. characterset: utf8
UNIX socket: /tmp/mysqld.sock
I have a separate client server running Apache 2.4.10 (configured with --with-ssl=/usr/local/openssl), PHP 7.0.7 (configured with --with-openssl=/usr/local/openssl), and the same OpenSSL 1.0.2h (configured with --prefix=/usr/local/openssl shared). My phpinfo.php file shows OpenSSL support is enabled and that its Library/Header Version is indeed 1.0.2h.
I then copied the ca.pem, server-cert.pem, and server-key.pem files from the MySQL Server to the Apache/PHP Server and made a directory to put them in: /usr/local/openssl/ssl/mysql/.
Here is my PHP code that is a "Success!" using the credentials for [user_standard] but I get,
Warning: mysqli_real_connect(): (HY000/1045): Access denied for user 'user_sha256' (using password: YES)
simply switching the $user and $pass variables to log in as [user_sha256]. Everything else remains the same.
$conn = mysqli_init();
$conn->options (MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, true);
$conn->ssl_set ('/usr/local/openssl/ssl/mysql/server-key.pem', '/usr/local/openssl/ssl/mysql/server-cert.pem', '/usr/local/openssl/ssl/mysql/ca.pem', NULL, 'DHE-RSA-AES256-SHA');
$serv = 'MySQL_Server_5.7.13_Auto_Generated_Server_Certificate';
$user = 'user_standard'; // Switching to 'user_sha256' = Permission denied
$pass = 'user_standard'; // Switching to 'user_sha256' = Permission denied
$data = 'test';
$conn->real_connect ($serv, $user, $pass, $data, 3306, NULL, MYSQLI_CLIENT_SSL);
if (!$conn) {
die ('Connect error (' . mysqli_connect_errno(). '): ' . mysqli_connect_error() . "\n");
} else {
echo "Success!";
}
$conn->close();
I don't understand the difference and/or what possibly needs to be configured differently to allow PHP to connect to the SHA256 account.
And by the way, both the MySQL Server and the Apache/PHP Server are: CentOS Linux release 7.2.1511 (Core).
Related
System: Ubuntu 20.04 (1 SQL Server and 1 Webserver)
mariadb Ver 15.1 Distrib 10.3.31-MariaDB
PHP 7.4.3
I'm currently facing a problem setting up my LEMP Webserver.
I already configured PHP and Nginx, also secure installed mariadb.
But no matter what I do I always run in the following problem:
mysql error log: 2021-08-22 15:47:40 37 [Warning] Access denied for user
''#'Hostname' (using password: NO)
Webbrowser: Server can't handle request HTTP500 Error
I created the database user called webcompiler#Server_ip on the database and gave him full permissions
on the specific database.
On the SQL Server itself I can login via mysql -u root -p (works fine).
But not via mysql -u webcompiler -p
my.cnf in mariadb:
[mysqld]
skip-networking=0
skip-bind-address
The PDO Connection script:
<?php
$servername ="*";
$dBUsername = "webcompiler";
$dBPassword = "*";
$dBName = "*";
$pdo = new PDO("mysql:host=$servername;dbname=$dBName",$dBUsername , $dBPassword);
if ($pdo->connect_error) { die("Connection failed: " . $pdo->connect_error); }
Thanks for the help so far!
I changed accordingly but now I get this error:
[Warning] Access denied for user 'webcompiler'#'host' (using password: YES)
As "Using Password Yes" points to a wrong password, I changed it to a
simple one to see if that fixes the Error.
It did. I changed it to another one and escaping special characters was the key to making it work.
Thanks for all the help!
I am trying to connect to an AWS RDS instance using SSL but I keep getting this error:
mysqli_real_connect(): Unable to set private key file
What im doing is this:
Generate key pairs in AWS, keep private key.
Use OpenSSL to get the cert.pem using this command and the private key that I got from AWS: openssl req -newkey rsa:2048 -nodes -keyout private-key-generated-by-AWS.pem -x509 -days 365 -out certificate.pem
I downloaded the cacert.pem from this website: https://curl.haxx.se/docs/caextract.html
Here is my code:
mysqli_ssl_set($con,"sshconn.pem","certificate.pem","cacert.pem",NULL,NULL);
if (!mysqli_real_connect($con,"myAWSendpoint","username","password","DBname"))
{
die("Connect Error: " . mysqli_connect_error());
}
mysqli_close($con);
?>
I am pretty sure I am not setting my private key correctly but I don't know what I'm doing wrong, any suggestions? Thank you!
AWS RDS uses server side authentication, not client side. You'll need to the master password once you setup the SSL connection or whatever users you have provisioned inside the DB or IAM users.
https://dev.mysql.com/doc/refman/5.6/en/using-encrypted-connections.html
A root certificate that works for all regions can be downloaded at https://s3.amazonaws.com/rds-downloads/rds-ca-2015-root.pem
Intermediates are here: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html
mysql -h myinstance.c9akciq32.rds-us-east-1.amazonaws.com
--ssl-ca=[full path]rds-combined-ca-bundle.pem --ssl-verify-server-cert
https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_MySQL.html#MySQL.Concepts.SSLSupport
I have Centos7 installation with nginx/php5.6. MS SQL 2008 R2 is working on another server.
MSSQL definitely has allowed tcp connection, custom (non domain) user, firewall disabled, and I can connect to it using HeidiSQL and that setting from another Windows machine.
I can telnet to MSSQL from Centos (and I see Log error "Length specified in network packet payload did not match number of bytes read; the connection has been closed. Please contact the vendor of the client library." with centos ip address in MSSQL logs, so no errors here).
I couldn't connect to mssql from centos using php_mssql or sqlcmd;
During sqlcmd:
Microsoft (R) SQL Server Command Line Tool
Version 13.1.0007.0 Linux
[root#***]# /opt/mssql-tools/bin/sqlcmd -S *** -U ***
Password:
Sqlcmd: Error: Microsoft ODBC Driver 13 for SQL Server : Login timeout expired.
Sqlcmd: Error: Microsoft ODBC Driver 13 for SQL Server : TCP Provider: Timeout error [258]. .
Sqlcmd: Error: Microsoft ODBC Driver 13 for SQL Server : Unable to complete login process due to delay in prelogin response.
During php interactive:
php > mssql_connect('***:***', '***','***');
PHP Warning: mssql_connect(): Unable to connect to server: *** in php shell code on line 1
I also tried tsql/freetds:
/etc/freetds.conf has section
[myserver]
host = ***
port = ***
client charset = UTF-8
tds version = 8.0 //also tried 7
[root#*]# tsql -S myserver -U ***
Password:
locale is "en_US.UTF-8"
locale charset is "UTF-8"
using default charset "UTF-8"
5 //begins to count, i could't understand what does it mean
Also tried to clean it all and install php7.0 with sqlsrv extension - the same problem;
There are some network strange - Centos serv and MSSQL are in different networks, I couldnt ping mssql from that server, but can telnet, i'm using ip, not the host name during connection attempts, so don't think it's a big deal.
Now I am out of ideas where to dig, any suggestions, please?
It was caused by misconfiguration in the network, I don't understand exactly how it is possible - to make telnet connection, but fail to connect normally, but our IT guys repaired this problem in less then half an hour.
I am trying to connect to an Azure Microsoft SQL Server database on my php scripts. I cannot figure out why it isn't working. When I run my db_connection.php script, I get this error:
SQLSTATE[01002] Adaptive Server connection failed (severity 9)
When I run the tsql command, with the connection details for my azure ms sql database, the connection seems to work (I read the "1>" means the connection worked):
locale is "C"
locale charset is "ANSI_X3.4-1968"
using default charset "UTF-8"
Default database being set to iBalekaDB
1>
Inside my freetds.conf file, I have this configuration set up:
# server specific section
[global]
# TDS protocol version
tds version = 8.0
text size = 20971520
client charset = UTF-8
dump file = /tmp/freetds.log
debug flags = 0xffff
# Command and connection timeouts
; timeout = 10
[iBalekaServer]
host = xxxxxxxx.xxxxxxx.windows.net
port = 1433
tds version = 8.0
client charset = UTF-8
My db_connection.php file looks like this:
try {
$dataSource = "dblib:host=iBalekaServer;dbname=iBalekaDB;";
$username = "xxxxxxxxxxxx";
$password = "xxxxxxxxxxxx";
$connectionObject = new PDO($dataSource, $username, $password);
$connectionObject->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
if ($connectionObject) {
echo "<h2>Connection Successful</h2>";
} else {
echo "Connection Error";
}
} catch (PDOException $e) {
echo $e->getMessage();
}
I ran tsql -C on the VPS and got this:
Compile-time settings (established with the "configure" script)
Version: freetds v0.91
freetds.conf directory: /etc/freetds
MS db-lib source compatibility: no
Sybase binary compatibility: yes
Thread safety: yes
iconv library: yes
TDS version: 4.2
iODBC: no
unixodbc: yes
SSPI "trusted" logins: no
Kerberos: yes
I checked to see if I had pdo_dblib installed, and it was present when I ran phpinfo() on my Linux VPS Server.
What could be the issue here?
EDIT: using mssql_connect works. I really wanted to use PDO
On my test, I changed the $username to the format of UID (e.g. <username>#<db_server_name>), and it fixed your issue of SQLSTATE[01002] Adaptive Server connection failed (severity 9).
BTW, you can grab the UID from the connectionstring from Azure portal.
Additionally, if you get the issue of General SQL Server error: Check messages from the SQL Server (severity 16), you can refer to the answer of PDO DBLib not working.
Any update, please feel free to let me know.
I am trying to connect to a remote MSSQL server using the platforms listed in the title. I have FreeTDS and all the relevant ODBC packages installed. Here is my freetds.conf:
# $Id: freetds.conf,v 1.12 2007/12/25 06:02:36 jklowden Exp $
#
# This file is installed by FreeTDS if no file by the same
# name is found in the installation directory.
#
# For information about the layout of this file and its settings,
# see the freetds.conf manpage "man freetds.conf".
# Global settings are overridden by those in a database
# server specific section
[global]
# TDS protocol version
; tds version = 4.2
# Whether to write a TDSDUMP file for diagnostic purposes
# (setting this to /tmp is insecure on a multi-user system)
; dump file = /tmp/freetds.log
; debug flags = 0xffff
# Command and connection timeouts
; timeout = 10
; connect timeout = 10
# If you get out-of-memory errors, it may mean that your client
# is trying to allocate a huge buffer for a TEXT field.
# Try setting 'text size' to a more reasonable limit
text size = 64512
[DEVSQL]
host = x.x.x.x
instance = DEVSQL
tds version = 8.0
Here is my odbc.ini:
[ODBC Data Sources]
DEVSQL = FreeTDS Connection Server
[DEVSQL]
Description = MSSQL Server
Driver = freetds
ServerName = DEVSQL
Database = test
TDS_Version = 8.0
Here is my PHP code:
<?php
$dbname = "test";
$servername = "DEVSQL";
$username = "myuser";
$password = "mypassword";
try{
$db = new PDO('odbc:Driver=FreeTDS; Server='.$servername.'; Database='.$dbname.'; UID='.$username.'; PWD='.$password.';');
Database='.$dbname.'; UID='.$username.'; PWD='.$password.';');
}
catch(PDOException $exception){
die("Unable to open database.<br />Error message:<br /><br />$exception.");
}
echo '<h1>Successfully connected!</h1>';
?>
I am able to connect just fine using the following commands in the terminal:
TDSVER=8.0 tsql -S devsql -U myuser -P mypassword
as well as:
isql -v devsql myuser mypassword
But when I browse to index.php in FireFox I get the following error:
exception 'PDOException' with message 'SQLSTATE[08001]
SQLDriverConnect: 0 [unixODBC][FreeTDS][SQL Server]Unable to connect
to data source' in /var/www/html/index.php:16 Stack trace: #0
/var/www/html/index.php(16): PDO->__construct('odbc:Driver=Fre...') #1
{main}.
Any help much appreciated! Alos, if anyone has a better way to connect to sql server from a linux box using php, I'm all ears. Thanks again!
EDIT: I forgot to mention: Ubuntu and Apache are running inside a VM instance on a Win7 host. The Win7 environment on that same machine is where the SQL server is running. I'm not sure if that's relevant since they are communicating just fine, but thought I'd throw it out there.