From 0a46f181bf69cc6627f5dc67aab32684fdf76574 Mon Sep 17 00:00:00 2001
From: Geoff Waggott
Date: Mon, 2 Apr 2018 02:36:58 +0100
Subject: Mysql SSL connection support from pull request #8049 (#10866)
* Mysql SSL connection support from pull request #8049
* updated minified js
* Add ssl_no_verify config option for skipping certificate verification (works only on some PHP setups).
* Remove TODO comment from DbOverSSLCheck diagnostic, will create issue.
* Skip test if SSL is not enabled
* Undo changes to piwik.js for tests.
* Tweak to DbSSLTest.
---
 libs/Zend/Db/Adapter/Mysqli.php | 40 ++++++++++++++++++++++++++++++++++++++--
 1 file changed, 38 insertions(+), 2 deletions(-)
(limited to 'libs')
diff --git a/libs/Zend/Db/Adapter/Mysqli.php b/libs/Zend/Db/Adapter/Mysqli.php
index 84dd9cab0b..e94ec26b37 100644
--- a/libs/Zend/Db/Adapter/Mysqli.php
+++ b/libs/Zend/Db/Adapter/Mysqli.php
@@ -299,9 +299,21 @@ class Zend_Db_Adapter_Mysqli extends Zend_Db_Adapter_Abstract
 $this->_connection = mysqli_init();
+ $enable_ssl = false;
+ $ssl_options = array (
+ 'ssl_ca' => null,
+ 'ssl_ca_path' => null,
+ 'ssl_cert' => null,
+ 'ssl_cipher' => null,
+ 'ssl_key' => null,
+ );
+
 if(!empty($this->_config['driver_options'])) {
 foreach($this->_config['driver_options'] as $option=>$value) {
- if(is_string($option)) {
+ if(array_key_exists($option, $ssl_options)) {
+ $ssl_options[$option] = $value;
+ $enable_ssl = true;
+ } elseif(is_string($option)) {
 // Suppress warnings here
 // Ignore it if it's not a valid constant
 $option = @constant(strtoupper($option));
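Review bot: The `ssl_no_verify` key introduced by this commit is not listed in `$ssl_options`, so in this loop it falls through to the `elseif(is_string($option))` branch and is handed to `@constant(strtoupper($option))`. On PHP 8 and later `constant()` throws an `Error` for an undefined name and `@` does not suppress it, so a configuration that sets `ssl_no_verify` would presumably abort the connection instead of being skipped; on older versions the outcome depends on the null check that follows outside this hunk. Handling the key explicitly avoids that, for example `} elseif($option === 'ssl_no_verify') { continue;` placed before the `is_string` branch. Note also that `$enable_ssl` is switched on by the mere presence of an `ssl_*` key, even when its value is null or empty, which deserves a comment beside `$enable_ssl = true;`.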
@@ -312,6 +324,28 @@ class Zend_Db_Adapter_Mysqli extends Zend_Db_Adapter_Abstract
 }
 }
+
+ if ($enable_ssl) {
+ mysqli_ssl_set(
+ $this->_connection,
+ $ssl_options['ssl_key'],
+ $ssl_options['ssl_cert'],
+ $ssl_options['ssl_ca'],
+ $ssl_options['ssl_ca_path'],
+ $ssl_options['ssl_cipher']
+ );
+ }
+
+ $flags = null;
+ if ($enable_ssl) {
+ $flags = MYSQLI_CLIENT_SSL;
+ if (!empty($this->_config['driver_options']['ssl_no_verify'])
+ && defined('MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT')
+ ) {
+ $flags = MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT;
+ }
+ }
+
 // Suppress connection warnings here.
 // Throw an exception instead.
 $_isConnected = @mysqli_real_connect(
@@ -320,7 +354,9 @@ class Zend_Db_Adapter_Mysqli extends Zend_Db_Adapter_Abstract
 $this->_config['username'],
 $this->_config['password'],
 $this->_config['dbname'],
- $port
+ $port,
+ $socket = null,
+ $enable_ssl ? $flags : null
 );
 if ($_isConnected === false || mysqli_connect_errno()) {
-- cgit v1.2.3
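Review bot: In the `$flags` block, setting `ssl_no_verify` swaps `MYSQLI_CLIENT_SSL` for `MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT` without any log entry or comment, and the verifying path never requests certificate validation explicitly. Without validation the channel is encrypted but the server is not authenticated, so the option should be marked as unsafe outside trusted networks; a comment such as `// ssl_no_verify: encrypts only, server identity is NOT checked` above the inner `if` would say so. For the default path, consider `mysqli_options($this->_connection, MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, true);` before connecting, since whether `MYSQLI_CLIENT_SSL` alone validates the certificate appears to depend on the client library in use. When the constant is undefined the code silently keeps verifying, which is the safe direction.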
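Review bot: The new arguments to `mysqli_real_connect()` pass `null` for the integer flags parameter whenever SSL is off, which PHP 8.1 and later treat as deprecated for built-in functions. `$enable_ssl ? $flags : null` is also redundant, because `$flags` is already `null` unless `$enable_ssl` is true, and `$socket = null` assigns a stray local variable only to label the argument. Initialising with `$flags = 0;` in the preceding hunk and passing `null, // socket` followed by `$flags` keeps the call equivalent and easier to read. The opening lines of the call are outside this hunk.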