Cannot connect with database over SSL

Get help from other users here.

Moderators: Developer, Contributor

Post Reply
Lammert
Posts: 3
Joined: 29 Jul 2016, 05:52

Cannot connect with database over SSL

Post by Lammert »

I recently installed MantisBT version 1.3.0 on a web server running Apache 2.4 and PHP 5.6.24. Our MariaDB database 10.1.24 where the MantisBT issues are stored is located in another data center. Because of that we prefer SSL encryption for all communications between the web server and the database server.

All our web applications are able to connect to the database server when SSL is enforced on the SQL user account, but MantisBT doesn't seem to have an option to enable SSL on the client side with either a MYSQLI_CLIENT_SSL or MYSQL_CLIENT_SSL flag somewhere in the configuration file.

Are there any workarounds to get this working? Moving the database to the webserver is no option, as the database is running on a high availability cluster and I don't want to compromise data redundancy just because a web application doesn't seem to handle security properly.
atrol
Site Admin
Posts: 8366
Joined: 26 Mar 2008, 21:37
Location: Germany

Re: Cannot connect with database over SSL

Post by atrol »

I never tried myself, maybe the follwoing approach works

Run the Mantis installaion process without using SSL
after that use the following setting

Code: Select all

**
 * adodb Data Source Name
 * This is an EXPERIMENTAL field.
 * If the above database settings, do not provide enough flexibility, it is
 * possible to specify a dsn for the database connection. For further details,
 * currently, you need to see the adodb manual at
 * http://phplens.com/adodb/code.initialization.html#dsnsupport. For example,
 * if db_type is odbc_mssql. The following is an example dsn:
 * "Driver={SQL Server Native Client 10.0};SERVER=.\sqlexpress;DATABASE=bugtracker;UID=mantis;PWD=password;"
 * NOTE: the installer does not yet fully support the use of dsn's
 */
$g_dsn = '';
Set it to something like

Code: Select all

$g_dsn = 'mysqli://ssluser:sslpass@dbhost/test?clientflags=2048';
This might do the trick, at least according
http://stackoverflow.com/questions/1510 ... with-adodb
Please use Search before posting and read the Manual
Lammert
Posts: 3
Joined: 29 Jul 2016, 05:52

Re: Cannot connect with database over SSL

Post by Lammert »

Thanks for the response. I will try to modify the code and report back the results here.
atrol
Site Admin
Posts: 8366
Joined: 26 Mar 2008, 21:37
Location: Germany

Re: Cannot connect with database over SSL

Post by atrol »

To be sure that we don't talk about different things.
You should not modify any existing code of Mantis, but just add this line to file config_inc.php and adjust it to your need.

Code: Select all

$g_dsn = 'mysqli://ssluser:sslpass@dbhost/test?clientflags=2048';
Please use Search before posting and read the Manual
Lammert
Posts: 3
Joined: 29 Jul 2016, 05:52

Re: Cannot connect with database over SSL

Post by Lammert »

I did some tests and have the connection working now with the following line added to the config_inc.php file:

Code: Select all

$g_dsn = "mysqli://$g_db_username:$g_db_password@$g_hostname/$g_database_name?clientflags=" . MYSQLI_CLIENT_SSL;
Obviously this line must be added after the variables for the database connection in the config fille.
atrol
Site Admin
Posts: 8366
Joined: 26 Mar 2008, 21:37
Location: Germany

Re: Cannot connect with database over SSL

Post by atrol »

Thanks for coming back and telling the solution.
Please use Search before posting and read the Manual
thewolf
Posts: 4
Joined: 18 Sep 2006, 10:20

Re: Cannot connect with database over SSL

Post by thewolf »

If you add the SSL requirement to the MySQL user, e.g.:

Code: Select all

ALTER USER mantis REQUIRE SSL;
and you add the following line to the config_inc.php file:

Code: Select all

$g_dsn = "mysqli://$g_db_username:$g_db_password@$g_hostname/$g_database_name?clientflags=" . MYSQLI_CLIENT_SSL;
Mantis keeps working correctly.

But the admin/install.php script doesn't work correctly anymore: it fails to connect to the db, effectively preventing the installation or the upgrade of Mantis if the db connection requires SSL.

Does anyone know how to fix that?

Thanks.
Post Reply