Page 1 of 1
Cannot connect with database over SSL
Posted: 29 Jul 2016, 06:18
by Lammert
I recently installed MantisBT version 1.3.0 on a web server running Apache 2.4 and PHP 5.6.24. Our MariaDB database 10.1.24 where the MantisBT issues are stored is located in another data center. Because of that we prefer SSL encryption for all communications between the web server and the database server.
All our web applications are able to connect to the database server when SSL is enforced on the SQL user account, but MantisBT doesn't seem to have an option to enable SSL on the client side with either a MYSQLI_CLIENT_SSL or MYSQL_CLIENT_SSL flag somewhere in the configuration file.
Are there any workarounds to get this working? Moving the database to the webserver is no option, as the database is running on a high availability cluster and I don't want to compromise data redundancy just because a web application doesn't seem to handle security properly.
Re: Cannot connect with database over SSL
Posted: 29 Jul 2016, 14:54
by atrol
I never tried myself, maybe the follwoing approach works
Run the Mantis installaion process without using SSL
after that use the following setting
Code: Select all
**
* adodb Data Source Name
* This is an EXPERIMENTAL field.
* If the above database settings, do not provide enough flexibility, it is
* possible to specify a dsn for the database connection. For further details,
* currently, you need to see the adodb manual at
* http://phplens.com/adodb/code.initialization.html#dsnsupport. For example,
* if db_type is odbc_mssql. The following is an example dsn:
* "Driver={SQL Server Native Client 10.0};SERVER=.\sqlexpress;DATABASE=bugtracker;UID=mantis;PWD=password;"
* NOTE: the installer does not yet fully support the use of dsn's
*/
$g_dsn = '';
Set it to something like
Code: Select all
$g_dsn = 'mysqli://ssluser:sslpass@dbhost/test?clientflags=2048';
This might do the trick, at least according
http://stackoverflow.com/questions/1510 ... with-adodb
Re: Cannot connect with database over SSL
Posted: 29 Jul 2016, 15:04
by Lammert
Thanks for the response. I will try to modify the code and report back the results here.
Re: Cannot connect with database over SSL
Posted: 29 Jul 2016, 15:43
by atrol
To be sure that we don't talk about different things.
You should not modify any existing code of Mantis, but just add this line to file config_inc.php and adjust it to your need.
Code: Select all
$g_dsn = 'mysqli://ssluser:sslpass@dbhost/test?clientflags=2048';
Re: Cannot connect with database over SSL
Posted: 30 Jul 2016, 16:58
by Lammert
I did some tests and have the connection working now with the following line added to the config_inc.php file:
Code: Select all
$g_dsn = "mysqli://$g_db_username:$g_db_password@$g_hostname/$g_database_name?clientflags=" . MYSQLI_CLIENT_SSL;
Obviously this line must be added after the variables for the database connection in the config fille.
Re: Cannot connect with database over SSL
Posted: 31 Jul 2016, 10:52
by atrol
Thanks for coming back and telling the solution.
Re: Cannot connect with database over SSL
Posted: 07 May 2020, 15:51
by thewolf
If you add the SSL requirement to the MySQL user, e.g.:
and you add the following line to the config_inc.php file:
Code: Select all
$g_dsn = "mysqli://$g_db_username:$g_db_password@$g_hostname/$g_database_name?clientflags=" . MYSQLI_CLIENT_SSL;
Mantis keeps working correctly.
But the admin/install.php script doesn't work correctly anymore: it fails to connect to the db, effectively preventing the installation or the upgrade of Mantis if the db connection requires SSL.
Does anyone know how to fix that?
Thanks.