cant connect to postgres server with ssl in php

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

jb489
Forum Newbie
Posts: 21
Joined: Tue Jul 21, 2009 4:37 am

Re: cant connect to postgres server with ssl in php

Post by jb489 »

ah ok, sorry didnt quite understand you before.

I have the 10.5, does it come previously installed ?

Ok i will look at it in about an hour as i dont have my mac book here and get back to you guys. Ok so if it says disabled under pgsql, what file do i need to replace? and is this a valid file to replace it with? (i attached openssl.so which i downloaded). I cant attach the file, the forum wont allow a .so type. If i find that pgsql is enabled under phpinfo, does this mean i uninstall and reinstall php ?

sorry for all the questions, still trying to get my head around most things

thanks again :)
jb489
Forum Newbie
Posts: 21
Joined: Tue Jul 21, 2009 4:37 am

Re: cant connect to postgres server with ssl in php

Post by jb489 »

here is where i got the file from:

http://jaspan.com/openssl-support-php-under-mamp

line:
Attachment Size
openssl.so 80.46 KB
redmonkey
Forum Regular
Posts: 836
Joined: Thu Dec 18, 2003 3:58 pm

Re: cant connect to postgres server with ssl in php

Post by redmonkey »

Whither or not you have the OpenSSL extension enabled within PHP is irrelevant, as I've mentioned previously, having the OpenSSL extension enabled within PHP will not automatically enable SSL support for PostgreSQL connections.

You need to check the output from phpinfo() to determine if you have SSL support for the pgsql extension or not.
jb489
Forum Newbie
Posts: 21
Joined: Tue Jul 21, 2009 4:37 am

Re: cant connect to postgres server with ssl in php

Post by jb489 »

ok cool got it. Ill check in 30 mins and get back to you. Thanks for the patience.
jb489
Forum Newbie
Posts: 21
Joined: Tue Jul 21, 2009 4:37 am

Re: cant connect to postgres server with ssl in php

Post by jb489 »

hi guys, so i checked it and it is disabled:

pgsql

PostgreSQL Support enabled
PostgreSQL(libpq) Version 8.2.12
Multibyte character support enabled
SSL support disabled
Active Persistent Links 0
Active Links 0

how do i enable this ?
redmonkey
Forum Regular
Posts: 836
Joined: Thu Dec 18, 2003 3:58 pm

Re: cant connect to postgres server with ssl in php

Post by redmonkey »

The first thing you have to do is to determine how your current pgsql extension has been compiled (as a loadable extension or compiled into the main PHP executable). The easiest way to do that is to view the contents of your php.ini file, your looking for a line something like 'extension=php_pgsql.so' (it may be php_pgsql.dylib), if you find a line like that then your extension is a loadable module, if the line has a semi-colon in front of it then your current extension is compiled into the main PHP executable.

If you're running a loadable extension you can search the web in the hope that someone has previously compiled the pgsql extension with SSL support for OS X, if it's compiled into the main executable you can search the web to see if there is a OS X distribution that has PostgreSQL support with SSL enabled.

Failing those two options, you'll have to build it yourself. A point to note, typically, the pgsql extension is built without SSL support, so if you are developing locally and then looking to run your app on another server you will most likely have to provide the support for enabling SSL support for the PHP PostgreSQL extension on the server(s) your app is installed on.
jb489
Forum Newbie
Posts: 21
Joined: Tue Jul 21, 2009 4:37 am

Re: cant connect to postgres server with ssl in php

Post by jb489 »

this is what i found:

;extension=php_pgsql.dll

so i guess its compiled into the main php executable

looking for a php package with pgsql ssl enabled.

if i dont find one, what is the process of building it myself ?
jb489
Forum Newbie
Posts: 21
Joined: Tue Jul 21, 2009 4:37 am

Re: cant connect to postgres server with ssl in php

Post by jb489 »

though the one i found is a .dll, under the windows extensions area.
redmonkey
Forum Regular
Posts: 836
Joined: Thu Dec 18, 2003 3:58 pm

Re: cant connect to postgres server with ssl in php

Post by redmonkey »

You can ignore the .dll as that is Wndows specific. If you connot find a PHP distribution with SSL support enabled for the pgsql extension then building it yourself will be the only option.

I cannot help with the specifics of compiling under OS X 10.5 as my experiences of compiling PHP for MAC OS X has been with 10.2, 10.3 and 10.4 and I am not familiar with the changes within 10.5 from previous versions. The issue is that PHP is constantly changing and as such the pre-requisites change also OS X normally changes the way it does things with each version change to the extent that steps/processes involved in a previous version may not be required or may not be the same.

If you are not familiar with compiling from source code then I'm not sure PHP is the best place to start learning, reason being that in order to build PHP with a reasonable feature set you will have to link against quite a few third-party libraries which will in turn most likely need to be built as well and many of these thrid-party libraries may link against other libraries that may be required to be built. Many of these third-party libraries do not directly support configuring for MAC OS X without a little fudging/massaging of make files.

At the very least, on top of installing the MAC OS X Developers Tools, you are going to require the libraries and header files for libxml2 (might require libiconv (I can't quite remember)), libpq (obtained by building PostgreSQL) and libssl but you'll also probably want libz, libcurl (which may require libssl and libssh2 depending on functionality required), libfreetype, libjpeg, libpng (which requires libz)... the list could go on.
jb489
Forum Newbie
Posts: 21
Joined: Tue Jul 21, 2009 4:37 am

Re: cant connect to postgres server with ssl in php

Post by jb489 »

wow.

jesus.... ill keep looking i guess... :( all this just for ssl? it almost doesnt even seem worth it...

ok so ill try to find a php with pgsql included. When i do i just uninstall and reinstall the new php right ?
redmonkey
Forum Regular
Posts: 836
Joined: Thu Dec 18, 2003 3:58 pm

Re: cant connect to postgres server with ssl in php

Post by redmonkey »

Going from knowing nothing to setting up a build environment and successfully building applications from source can seem daunting but if all you are doing is compiling from source to enable certain features or configurations then once you've done it once (or maybe twice) it becomes a lot easier. Compiling PHP isn't too complex in the grand scheme of things, daunting for the novice granted.

If your applications depend on specific configurations/features that are not commonly included/builtin then it's something you will need to learn or employ the services of someone that has the experience to compile PHP to your requirements.

If you do find a package which includes the required SSL support for PostgreSQL then just read the package's documentation regarding installing. Every package is different most will install along side your current install rather than on top of, mainly to reduce the risk of being fudged by Apple's software updater.
jb489
Forum Newbie
Posts: 21
Joined: Tue Jul 21, 2009 4:37 am

Re: cant connect to postgres server with ssl in php

Post by jb489 »

thanks red,

i appreciate all the help you have given. May i have your email address in case i get stuck trying to compile the libraries ? If not, dont worry about it, i know i am asking for a lot here.

Thanks
redmonkey
Forum Regular
Posts: 836
Joined: Thu Dec 18, 2003 3:58 pm

Re: cant connect to postgres server with ssl in php

Post by redmonkey »

To be blunt... No. I don't mind giving the occasional bit of advice or throwing an occasional comment into a forum thread but I'm not prepared to offer one on one personal support. Especially as I'm not familiar with your specific Operating System version.

To be honest, it's highly unlikely that you will be the first person to build the required libraries on OS X 10.5, so when you encounter errors just fire up your favorite web search engine and search for the error. You'll most likely find at least one other person that has encountered the error before and with any luck they'll have documented a fix or someone else will have detailed a fix.

Just download the source packages you need, within each package there will generally be an 'INSTALL' or 'README' file which details basic steps required to build the package/library. Follow the instructions, note down any errors if you encounter them and go search the web for a potential fix. Note, the most common error durng configure is 'can't find xxx library' which should be self explanatory.

To give you a rough idea of what you may be letting yourself in for, have a look at this thread....
viewtopic.php?f=31&t=39385&p=208672
... although *please note*, do not follow the guides in that thread word for word, the guide was written quite some time ago for OS X 10.2 and as such will probably not be correct for 10.5

From my own experiences of building on MAC OS X there are two common problems...

1. Linking seems to be a bit of voodoo, most likely issues due to my unfamiliarity of the underlying OS X build system so to avoid many potential headaches install libraries somewhere that the linker will find them (most libraires/packages default to /usr/local which should be fine).

2. Official Apple binaries tend to include executable code for all 4 of it's architectures, a standard 'configure' and 'make' will produce binaries for a single architecture only however, when these binaries are used in conjunction with Apple's official binaries it can lead to problems and failures. A classic example is if you compile your own Apache PHP module then have Apple's official Apache release load your PHP module it generally fails. Things may have changed so this may be a non-issue now and there are various options to get round this if it's still a problem.
Post Reply