[Koha-bugs] [Bug 15427] Allow db connections using TLS
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15427

Katrin Fischer changed:

What|Removed|Added
CC||katrin.fisc...@bsz-bw.de

--- Comment #19 from Katrin Fischer ---
This won't get ported back to 16.11.x as it is an enhancement.
Not changing status to Resolved Fixed as there is an unpushed follow-up on bug 18215.

--
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
[Koha-bugs] [Bug 15427] Allow db connections using TLS
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15427

M. Tompsett changed:

What|Removed|Added
See Also||https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18245

--- Comment #18 from M. Tompsett ---
(In reply to Marcel de Rooy from comment #17)
> Note: tls is not found in debian/templates/koha-conf-site.xml.in

See bug 18245. :)
[Koha-bugs] [Bug 15427] Allow db connections using TLS
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15427

Marcel de Rooy changed:

What|Removed|Added
See Also||https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18215
[Koha-bugs] [Bug 15427] Allow db connections using TLS
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15427

Marcel de Rooy changed:

What|Removed|Added
CC||m.de.r...@rijksmuseum.nl

--- Comment #17 from Marcel de Rooy ---
Note: tls is not found in debian/templates/koha-conf-site.xml.in
[Koha-bugs] [Bug 15427] Allow db connections using TLS
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15427

Tomás Cohen Arazi changed:

What|Removed|Added
Blocks||18215

Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18215
[Bug 18215] Resolve warning on $tls in Database.pm
[Koha-bugs] [Bug 15427] Allow db connections using TLS
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15427

Kyle M Hall changed:

What|Removed|Added
Status|Passed QA|Pushed to Master
CC||k...@bywatersolutions.com

--- Comment #16 from Kyle M Hall ---
Pushed to master for 17.05, thanks Dimitris!
[Koha-bugs] [Bug 15427] Allow db connections using TLS
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15427

--- Comment #15 from Jonathan Druart ---
(In reply to Mirko Tietgen from comment #13)
> In the non-TLS file I see a lot of MySQL commands. Like SELECTs. In the TLS
> file I don't (actually I see one, not sure why), but mostly "garbage".

Yes indeed, it works as intended!
[Koha-bugs] [Bug 15427] Allow db connections using TLS
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15427

Jonathan Druart changed:

What|Removed|Added
Attachment #59383 is obsolete|0|1

--- Comment #14 from Jonathan Druart ---
Created attachment 60467
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=60467&action=edit
Bug 15427 : Enable TLS support for MySQL

In summary, changes are:
1) If you have chosen MySQL, Makefile.PL will ask you if you want TLS (default: "no"), and then the locations for CA cert, client cert and client key (reasonable defaults are provided). Settings , , and are added in koha-conf.xml
2) If yes in koha-conf.xml, the installer and database connection scripts add the TLS options in both DBI connection strings and mysql command line

To test
1/ Apply patch
2/ Check everything still works and db connections are the same as before
3/ Either run Makefile.PL and step through the options or edit your koha-conf.xml to enable TLS
4/ Check db connections are still working

Patch provided to me by Dimitris Kamenopoulos and I reformatted it into a git patch, any errors are probably mine

Signed-off-by: Mirko Tietgen
Signed-off-by: Jonathan Druart
[Koha-bugs] [Bug 15427] Allow db connections using TLS
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15427

Jonathan Druart changed:

What|Removed|Added
Status|Signed Off|Passed QA
[Koha-bugs] [Bug 15427] Allow db connections using TLS
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15427

--- Comment #13 from Mirko Tietgen ---
In the non-TLS file I see a lot of MySQL commands. Like SELECTs. In the TLS file I don't (actually I see one, not sure why), but mostly "garbage".
[Koha-bugs] [Bug 15427] Allow db connections using TLS
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15427

Jonathan Druart changed:

What|Removed|Added
CC||jonathan.dru...@bugs.koha-community.org

--- Comment #12 from Jonathan Druart ---
(In reply to Mirko Tietgen from comment #11)
> and then compared the output files, which were obviously different.

Yes they are different, but I do not find anything obvious that is telling me the connection is encrypted.
What should I search for?
[Koha-bugs] [Bug 15427] Allow db connections using TLS
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15427

--- Comment #11 from Mirko Tietgen ---
FYI what I remember from testing, I did the following:

- created certificates. This might be helpful
https://dev.mysql.com/doc/refman/5.5/en/creating-ssl-files-using-openssl.html#creating-ssl-files-using-openssl-unix-command-line
- edited koha-conf.xml like this (add , , , )
>
> mysql
> koha_koha
> 127.0.0.1
> 3306
> yes
> /home/mirko/newcerts/ca.pem
> /home/mirko/newcerts/client-cert.pem
> /home/mirko/newcerts/client-key.pem
> koha_koha
> …
- logged out of the staff client
- ran the following command to output to a text file
> sudo tcpdump -i lo port 3306 -s 65535 -n -q -A > login.yestls3.txt
- logged into the staff client
- stopped tcpdump after a bit
- logged out
- changed config to no
- started tcpdump again, output to another file
> sudo tcpdump -i lo port 3306 -s 65535 -n -q -A > login.notls3.txt
- logged into the staff client
- stopped tcpdump after a bit

and then compared the output files, which were obviously different.

I hope I did not forget anything in between, was a while ago.
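An added example, not part of the thread or of Koha's code: one way to decide from captured bytes, rather than by eye, whether a MySQL connection switched to TLS. It relies on the MySQL protocol's 32-byte SSLRequest packet (CLIENT_SSL capability set), which a client sends in the clear just before the TLS handshake. It assumes the client-to-server bytes of one connection have already been reassembled from a capture; the function names and both sample streams are constructed for illustration.

```python
import struct

CLIENT_PROTOCOL_41 = 0x0200  # capability flag: 4.1 handshake layout
CLIENT_SSL = 0x0800          # capability flag: client switches to TLS next
COM_QUERY = 0x03             # command byte that precedes SQL text

def packets(stream):
    """Yield (sequence_id, payload) for each complete MySQL packet."""
    pos = 0
    while pos + 4 <= len(stream):
        length = int.from_bytes(stream[pos:pos + 3], "little")
        payload = stream[pos + 4:pos + 4 + length]
        if len(payload) < length:
            return  # truncated capture
        yield stream[pos + 3], payload
        pos += 4 + length

def classify(client_stream):
    """Return 'tls', 'cleartext' or 'unknown' for one client-side stream."""
    first = next(packets(client_stream), None)
    if first is None or first[0] != 1 or len(first[1]) < 32:
        return "unknown"
    payload = first[1]
    caps = struct.unpack_from("<I", payload)[0]
    if not caps & CLIENT_PROTOCOL_41:
        return "unknown"
    if caps & CLIENT_SSL and len(payload) == 32:
        # SSLRequest: the next bytes must be a TLS handshake record
        # (content type 0x16, major version 0x03), not a MySQL packet.
        return "tls" if client_stream[36:38] == b"\x16\x03" else "unknown"
    return "cleartext"  # full login packet sent without switching to TLS

def cleartext_queries(client_stream):
    """Return the SQL text of COM_QUERY packets readable on the wire."""
    if classify(client_stream) != "cleartext":
        return []
    return [p[1:].decode("utf-8", "replace")
            for seq, p in packets(client_stream)
            if seq == 0 and p[:1] == bytes([COM_QUERY])]

def make_packet(seq, payload):
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload

def login_prefix(caps):
    # capability flags, max packet size, charset, 23 reserved bytes = 32 bytes
    return struct.pack("<IIB", caps, 1 << 24, 33) + b"\x00" * 23

# Constructed sample streams (not taken from a real capture).
TLS_STREAM = (make_packet(1, login_prefix(CLIENT_PROTOCOL_41 | CLIENT_SSL))
              + b"\x16\x03\x01\x00\x04" + b"\xaa" * 4)
PLAIN_STREAM = (make_packet(1, login_prefix(CLIENT_PROTOCOL_41) + b"koha_koha\x00\x00")
                + make_packet(0, b"\x03SELECT 1"))
```

A connection that was configured for TLS but negotiated none classifies as `cleartext`, and its queries are returned by `cleartext_queries`.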
[Koha-bugs] [Bug 15427] Allow db connections using TLS
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15427

Mirko Tietgen changed:

What|Removed|Added
Status|Patch doesn't apply|Signed Off

--- Comment #10 from Mirko Tietgen ---
I rebased it and tested using tcpdump.
[Koha-bugs] [Bug 15427] Allow db connections using TLS
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15427

Mirko Tietgen changed:

What|Removed|Added
Attachment #45992 is obsolete|0|1

--- Comment #9 from Mirko Tietgen ---
Created attachment 59383
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=59383&action=edit
Bug 15427 : Enable TLS support for MySQL

In summary, changes are:
1) If you have chosen MySQL, Makefile.PL will ask you if you want TLS (default: "no"), and then the locations for CA cert, client cert and client key (reasonable defaults are provided). Settings , , and are added in koha-conf.xml
2) If yes in koha-conf.xml, the installer and database connection scripts add the TLS options in both DBI connection strings and mysql command line

To test
1/ Apply patch
2/ Check everything still works and db connections are the same as before
3/ Either run Makefile.PL and step through the options or edit your koha-conf.xml to enable TLS
4/ Check db connections are still working

Patch provided to me by Dimitris Kamenopoulos and I reformatted it into a git patch, any errors are probably mine

Signed-off-by: Mirko Tietgen
[Koha-bugs] [Bug 15427] Allow db connections using TLS
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15427

--- Comment #8 from Mirko Tietgen ---
Caused by changes in bug 13669.
[Koha-bugs] [Bug 15427] Allow db connections using TLS
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15427

Mirko Tietgen changed:

What|Removed|Added
Status|Needs Signoff|Patch doesn't apply

--- Comment #7 from Mirko Tietgen ---
This needs a rebase.
[Koha-bugs] [Bug 15427] Allow db connections using TLS
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15427

M. Tompsett changed:

What|Removed|Added
See Also||https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=16690
CC||mtomp...@hotmail.com

--- Comment #6 from M. Tompsett ---
Bug 16690 would make testing this easier, I think.
[Koha-bugs] [Bug 15427] Allow db connections using TLS
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15427

Owen Leonard changed:

What|Removed|Added
Assignee|gmcha...@gmail.com|ch...@bigballofwax.co.nz
[Koha-bugs] [Bug 15427] Allow db connections using TLS
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15427

Srdjan Jankovic changed:

What|Removed|Added
CC||srd...@catalyst.net.nz

--- Comment #5 from Srdjan Jankovic ---
You can
a) install mysql 5.7, that one fails to connect if you ask for ssl and cannot do it, or
b) use tcpdump, it will be fairly obvious whether the connection is encrypted
[Koha-bugs] [Bug 15427] Allow db connections using TLS
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15427

--- Comment #4 from Mirko Tietgen ---
When I set to yes and add nothing in the cert fields, it seems to work as before. I don't think it should?

I also wonder how to verify that it actually uses TLS.
[Koha-bugs] [Bug 15427] Allow db connections using TLS
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15427

--- Comment #3 from Chris Cormack ---
(In reply to Mirko Tietgen from comment #2)
> Can this be tested locally or do I need to set up an external MySQL DB?

You should be able to test it locally, just make sure MySQL is running on a port not a socket.
[Koha-bugs] [Bug 15427] Allow db connections using TLS
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15427

--- Comment #2 from Mirko Tietgen ---
Can this be tested locally or do I need to set up an external MySQL DB?
[Koha-bugs] [Bug 15427] Allow db connections using TLS
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15427

Mirko Tietgen changed:

What|Removed|Added
CC||mi...@abunchofthings.net
[Koha-bugs] [Bug 15427] Allow db connections using TLS
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15427

--- Comment #1 from Chris Cormack ---
Created attachment 45992
  --> http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=45992&action=edit
Bug 15427 : Enable TLS support for MySQL

In summary, changes are:
1) If you have chosen MySQL, Makefile.PL will ask you if you want TLS (default: "no"), and then the locations for CA cert, client cert and client key (reasonable defaults are provided). Settings , , and are added in koha-conf.xml
2) If yes in koha-conf.xml, the installer and database connection scripts add the TLS options in both DBI connection strings and mysql command line

To test
1/ Apply patch
2/ Check everything still works and db connections are the same as before
3/ Either run Makefile.PL and step through the options or edit your koha-conf.xml to enable TLS
4/ Check db connections are still working

Patch provided to me by Dimitris Kamenopoulos and I reformatted it into a git patch, any errors are probably mine
[Koha-bugs] [Bug 15427] Allow db connections using TLS
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=15427

Chris Cormack changed:

What|Removed|Added
Status|NEW|Needs Signoff