Problems Using Http Tunnelling With Ssl

[jexxer]

Hello.

I'd like to use the http tunnelling with ssl but I cannot get it working.

Tunnelling without SSL is working fine and authentication is working too.

If i use the host via https:// i get the following error:

Code:

Error No. 1
HTTP Error. Could not connect to the tunnelling URL

I activated the debug function in the SQLyogTunnel.php, but nothing is logged.

Then i tried to call the file in the browser what gives me the following error message:

Code:

ErrorWebyog

Tunnel version: 5.17.

This PHP page exposes the MySQL API as a set of webservices.

This page allows SQLyog to manage a MySQL server even if the MySQL port is blocked or remote access to MySQL is not allowed.

Visit Webyog to get more details about SQLyog.

Error!file_get_contents(php://input) failed

The debug logfile has now some lines:

Code:

Enter aremodulesinstalled
Enter AreModulesInstalled
Enter processquery
Trying to get php://input
Got php://input!
xmlrecvd is blank
Enter showaccesserror
Exit showaccesserror
Exit AreModulesInstalled

The webserver has a selfsigned certificate and the browser asks if the user wants to trust it. Maybe this is a problem?

Hope you can help.

[peterlaursen]

We do not support SSL with SQLyog as of now.

There was at an early stage, but it was removed (as I understood due to US export restrictions amd legal issues). This is a general problem. Also SSL support was removed from the Windows version of the MySQL server for a long period and has only been introduced recently.

I also think that we can now.

To my best understanding this is not HTTP-related at all. Also direct connection ussing SSL would fail (if there was an option to choose it of course!). Correct me if I am wrong!

[jexxer]

peterlaursen wrote on Sep 8 2006, 01:26 AM:

We do not support SSL with SQLyog as of now.

You want to say that HTTP Tunneling over SSL is not possible? There are plenty of Topics that tell me it should work.

I do not mean SSL Tunneling via a wrapper but by simple HTTPS on Port 443 at my webserver.

[peterlaursen]

I will ask some more 'techno' to reply on the HTTPS-thing

[Rohit]

HTTPS is definitely supported, and many customers use it regularly.

I think Peter got confused with the SSL encryption provided by MySQL APIs.

But, I am not sure whether SQLyog will be able to handle a certificate. We have to set a similar environment to test it.

@jexxer: Can you help us accelerate the test/debug by giving us temporary access to a test server having a similar setup.

If yes, please create a ticket at http://www.webyog.com/support

[jexxer]

Rohit wrote on Sep 8 2006, 09:14 AM:

HTTPS is definitely supported, and many customers use it regularly.

I think Peter got confused with the SSL encryption provided by MySQL APIs.

But, I am not sure whether SQLyog will be able to handle a certificate. We have to set a similar environment to test it.

@jexxer: Can you help us accelerate the test/debug by giving us temporary access to a test server having a similar setup.

If yes, please create a ticket at http://www.webyog.com/support

I'm sorry, but i have no similar setup available. To the server I talked about i only have FTP access to. If this is enough for you to test I can give you the login data.

[peterlaursen]

@Rohit …

Looks like you and Sabya better find out how to set up a certificate with a webserver! 😀

and BTW: there was a thing with SSH and PUBLIC/PRIVATE KEY authentication too!

[uyuni]

I've got the same problem.

I use https on a server with a signed certificate -> no problem.

When I try to use it with a self-signed certificate -> could not connect to the tunneling URL.

I can provide a URL if you'd like to test.

Emile

[peterlaursen]

thank you uyuni.

Well now after the release of beta3 I think we should take the time to understand this!

[jexxer]

I would highly appreciate this, because the servers at our university mainly have self signed certs.

[peterlaursen]

We have an non-released ´pre-beta' 4 here:

http://www.webyog.com/downloads/betas/not_…SQLyog52Ent.exe

they tell me the the issue with certificates and HTTPS is solved. Can you verify this on your servers?

[jexxer]

peterlaursen: Please tell your programmers they are absolutely great. 🙂

Yes it works now.

I want to say thank you for listening to our needs. It is astonishing how fast you guys make this great program even better day by day.

Keep going!

[uyuni]

🙂

Unbelievable!

So fast!

Yes, it's working!

Thank you!

[uyuni]

Error in 5.2 Beta:

You can't turn off “rebuild tag files on startup”

[peterlaursen]

@uyuni:

It works for me with the latest internal build from:

http://www.webyog.com/downloads/betas/not_…SQLyog52Ent.exe

(beta5n = beta 5 not_yet_released)

[LCS]

'lo there,

I have more issues on the https thing:

the tunneling via https://… in the SQLyog client itself (5.19 Enterprise) works fine.

But when I want to use that same tunnel with sja, it always ends in an error like above:

ERROR: 1, HTTP Error. Could not connect to the tunneling URL.

For security reasons, https is the only way I can do the connection here…

Any comments?

tnx & bye,

CaBleman@LCS

LCS wrote on Oct 4 2006, 03:58 PM:

I have more issues on the https thing:

I have to correct myself: I also tested it with just “http://…”,

and the tunneling via sja.exe is not working.

Is that a known bug with sja? I know it's offtopic in that thread here now…

tnx & bye,

CaBleman

[peterlaursen]

offtopic .. well yes this has nothing with SSL-CERTIFICATES to do, right?

There is no known issue. SJA and SQLyog should be totally identical in this respect and normally are. The error message:

“ERROR: 1, HTTP Error. Could not connect to the tunneling URL.”

.. could imply that your URL is not entered correct. Please check the jobfile! URL's are case-sensitive – rememeber!

If you are perfectly sure that everything is OK, could we then have temporary access to the server? We won't need 'real data' – just a dummy database with a few small tables.

[peterlaursen]

BTW: it could be a firewall issue too. Do you have a 'personal firewall', a router, or 'shared Internet Connection' ?

[LCS]

peterlaursen wrote on Oct 4 2006, 06:35 PM:

BTW: it could be a firewall issue too. Do you have a 'personal firewall', a router, or 'shared Internet Connection' ?

'lo Peter,

tnx for the reply. Of course we are behind a router/dmz, who is not these days? 😉

Is there a certain port to be opened?

Why does the tunneling work with the client work and doesn't work with SJA?

BTW, I used the wizard to build the job file and used the existing, working tunnelling connection as the SJA connection. Plus, I checked the jobfile, too.

Also, I of course tried the Linux SJA on the server itself. Of course it was not a problem to connect to the localhost, but here I could not send the notification mail (tried different accounts)! Is there a debugging mode or something? There's nothing interesting in *.log or *session.xml…

I'm relatively new to SQLyog but was enthusiastic about it from the first moment.

Please don't let the random crashes/disappearings, and my problem with notification jobs

be deteriorative about this 😉

[peterlaursen]

1) we know we have an issue with mails with the SJA for Linux. Pretty silly that nobody – including ourselves – noticed this before. We will do pur best to release SJA version 5.2 with the fix.

2) no port needs to be opened if the router has NAT functionality. And it is the common HTP/HTTPS ports (and SMTP port for mail) that are used only. And the same for SQLyog and SJA. However a 'personal firewall' may need to be told that SJA.EXE shall have access to the internet. We have had quite a lot of issues with ZoneAlarm that it kept blocking connections even if it claimed to be configured to allow for them. A reinstall has often been the onluy solution.

I have no option to test HTTPS tonight, but just tested HTTP with 5.2 beta5 and a Notifications job.

The SQLyog executable (tries to) reconnect(s) if connection is lost. SJA does not. That could be the reason for the difference. However it then indicates a HTTP-connection that is not very stable.

You will need to wait for tomorrow for more action. If you can give temporary access you can create a ticket with the details.

EDIT: there seems to be a problem with SMTP authentication and 5.2 beta 5 .. but that is quite another issue! Connection and the query is OK!

[peterlaursen]

The SMTP auth. issue with 5.2 (not 5.19) is confirmed and fixed.

@LCS: we cannot do any progress with your problems without more info. Best of all server access.

You should understand that when you connect to the tunneller from SJA (unlike from a browser) connection will need to be established hundreds or thousands of times!

If you access from a browser and click 'refresh' several times does it then occur from time to time that you can't reach the tunneller? It can simply be because the webserver is configured too 'low' compared to what it has to do.

[LCS]

'lo Peter…

I can narrow it down: the problem with the windows sja via tunnel is the http user auth!

Of course we have an .htacces on the server in the directory containing SQLyogTunnel.php

So the windows sja works with an unprotected http/https-tunneling,

but does not with an http-auth-protected tunnel.

The SQLyog client works fine both ways!

Would be nice if that will be fixed in the near future – I have that peculiar feeling about unprotected power-scripts like your tunnel script ;)=)

Thanx & bye,

LCS

[peterlaursen]

Quote:

about unprotected power-scripts like your tunnel script

it is not more powerfull than a lot of PHP-scripts. Is it?

If you use HTTP-tunnelling with both SQLyog and SJA I still do not understand …

[LCS]

peterlaursen wrote on Oct 5 2006, 12:25 PM:

it is not more powerfull than a lot of PHP-scripts. Is it?

quite 😉

If you use HTTP-tunnelling with both SQLyog and SJA I still do not understand …

OK – let me explain:

let's assume the following url for tunneling:

https://www.servername.de/yogdir/SQLyogTunnel.php

On the webserver there is a file .htaccess in the directory “yogdir”,

in which there is a http auth for directory access configured,

with user “herbert” and password “herb”.

In SQLyog you can configure all that for tunneling and it works fine.

With SJA it only works if I remove the http authentication.

Without the .htaccess user restriction SJA works fine with http AND https.

Can you please look after that? Professional users tend to (try to ;)) protect their stuff…

I reckon that tunneling with https in conjunction with http auth is a pretty decent protection?

Thanx & bye,

LCS

[peterlaursen]

Quote:

With SJA it only works if I remove the http authentication.

that surprises me a lot! never heard of it before!

We will absolutely look at this!

Could you post the exact configuration parameters from .htaccess

You can create a ticket if you like and 'fake' details as you like.

[LCS]

peterlaursen wrote on Oct 5 2006, 06:11 PM:

that surprises me a lot! never heard of it before!

We will absolutely look at this!

Thanx !

Quote:

Could you post the exact configuration parameters from .htaccess

You can create a ticket if you like and 'fake' details as you like.

—

AuthType Basic

AuthName “Access for /yogdir”

AuthUserFile /my/home/is/my/castle/htpasswd

require user herbert

—

I think this is standard and works manually as well as with SQLyog.

Bye,

LCS (will be on a short vacation…)

[LCS]

peterlaursen wrote on Oct 5 2006, 06:11 PM:

You can create a ticket if you like and 'fake' details as you like.

OK, created a ticket…

Thanx & bye,

LCS

[Author]

Posts