diff options
| author | Geoff Waggott <gwaggott@gmail.com> | 2018-04-02 04:36:58 +0300 |
|---|---|---|
| committer | Benaka <diosmosis@users.noreply.github.com> | 2018-04-02 04:36:58 +0300 |
| commit | 0a46f181bf69cc6627f5dc67aab32684fdf76574 (patch) | |
| tree | 989901d9292f225c2644a99f9a9faae68593d048 /libs | |
| parent | ec2bb305723fbb43d302947c4833071a68ad4f93 (diff) | |
Mysql SSL connection support from pull request #8049 (#10866)
* Mysql SSL connection support from pull request #8049
* updated minified js
* Add ssl_no_verify config option for skipping certificate verification (works only on some PHP setups).
* Remove TODO comment from DbOverSSLCheck diagnostic, will create issue.
* Skip test if SSL is not enabled
* Undo changes to piwik.js for tests.
* Tweak to DbSSLTest.
Diffstat (limited to 'libs')
| -rw-r--r-- | libs/Zend/Db/Adapter/Mysqli.php | 40 |
1 files changed, 38 insertions, 2 deletions
diff --git a/libs/Zend/Db/Adapter/Mysqli.php b/libs/Zend/Db/Adapter/Mysqli.php index 84dd9cab0b..e94ec26b37 100644 --- a/libs/Zend/Db/Adapter/Mysqli.php +++ b/libs/Zend/Db/Adapter/Mysqli.php @@ -299,9 +299,21 @@ class Zend_Db_Adapter_Mysqli extends Zend_Db_Adapter_Abstract $this->_connection = mysqli_init(); + $enable_ssl = false; + $ssl_options = array ( + 'ssl_ca' => null, + 'ssl_ca_path' => null, + 'ssl_cert' => null, + 'ssl_cipher' => null, + 'ssl_key' => null, + ); + if(!empty($this->_config['driver_options'])) { foreach($this->_config['driver_options'] as $option=>$value) { - if(is_string($option)) { + if(array_key_exists($option, $ssl_options)) { + $ssl_options[$option] = $value; + $enable_ssl = true; + } elseif(is_string($option)) { // Suppress warnings here // Ignore it if it's not a valid constant $option = @constant(strtoupper($option)); @@ -312,6 +324,28 @@ class Zend_Db_Adapter_Mysqli extends Zend_Db_Adapter_Abstract } } + + if ($enable_ssl) { + mysqli_ssl_set( + $this->_connection, + $ssl_options['ssl_key'], + $ssl_options['ssl_cert'], + $ssl_options['ssl_ca'], + $ssl_options['ssl_ca_path'], + $ssl_options['ssl_cipher'] + ); + } + + $flags = null; + if ($enable_ssl) { + $flags = MYSQLI_CLIENT_SSL; + if (!empty($this->_config['driver_options']['ssl_no_verify']) + && defined('MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT') + ) { + $flags = MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT; + } + } + // Suppress connection warnings here. // Throw an exception instead. $_isConnected = @mysqli_real_connect( @@ -320,7 +354,9 @@ class Zend_Db_Adapter_Mysqli extends Zend_Db_Adapter_Abstract $this->_config['username'], $this->_config['password'], $this->_config['dbname'], - $port + $port, + $socket = null, + $enable_ssl ? $flags : null ); if ($_isConnected === false || mysqli_connect_errno()) { |