NEW Added MySQL SSL PDO Support

Modified ConfigureFromEnv.php to parse SS_DATABASE_SSL variables (also added a bit of documentation)
Modified PDOConnector.php to implement the variables set in ConfigureFromEnv, if they exist
Modified install files MySQLDatabaseConfigurationHelper and install.php5 to accept and implement SS_DATABASE_SSL variables set in _ss_environment.php

TODO: Add documentation
John 2017-08-02 19:29:23 +08:00
parent d3f700e134
commit 2f9bfae1f9
5 changed files with 85 additions and 1 deletions


@ -91,6 +91,14 @@ define('SS_DATABASE_SERVER', 'localhost');
define('SS_DATABASE_USERNAME', '<user>'); define('SS_DATABASE_USERNAME', '<user>');
define('SS_DATABASE_PASSWORD', '<password>'); define('SS_DATABASE_PASSWORD', '<password>');
define('SS_DATABASE_NAME', '<database>'); define('SS_DATABASE_NAME', '<database>');
/* SSL support for MySQLPDODatabase */
/*
define('SS_DATABASE_CLASS', 'MySQLPDODatabase');
define('SS_DATABASE_SSL_KEY', '/path/to/keyfile');
define('SS_DATABASE_SSL_CERT', '/path/to/certfile');
define('SS_DATABASE_SSL_CA', '/path/to/cafile');;
*/
-------------------------------------------------- --------------------------------------------------
Once you have done that, run 'composer install' or './framework/sake dev/build' to create Once you have done that, run 'composer install' or './framework/sake dev/build' to create


@ -20,6 +20,14 @@
* - SS_DATABASE_MEMORY: Use in-memory state if possible. Useful for testing, currently only * - SS_DATABASE_MEMORY: Use in-memory state if possible. Useful for testing, currently only
* supported by the SQLite database adapter. * supported by the SQLite database adapter.
* *
* SSL Support (for MySQLPDODatabase)
*
* - SS_DATABASE_SSL_KEY: Path to SSL private key file
* - SS_DATABASE_SSL_CERT: Path to SSL certificate file
* - SS_DATABASE_SSL_CA: Path to SSL CA file
* - SS_DATABASE_SSL_CIPHER: Alternative cipher (defaults to DHE-RSA-AES256-SHA)
*
*
* There is one more setting that is intended to be used by people who work on SilverStripe. * There is one more setting that is intended to be used by people who work on SilverStripe.
* - SS_DATABASE_CHOOSE_NAME: Boolean/Int. If set, then the system will choose a default database name for you if * - SS_DATABASE_CHOOSE_NAME: Boolean/Int. If set, then the system will choose a default database name for you if
* one isn't give in the $database variable. The database name will be "SS_" followed by the name of the folder * one isn't give in the $database variable. The database name will be "SS_" followed by the name of the folder
@ -116,6 +124,25 @@ if(defined('SS_DATABASE_USERNAME') && defined('SS_DATABASE_PASSWORD')) {
// For SQlite3 memory databases (mainly for testing purposes) // For SQlite3 memory databases (mainly for testing purposes)
if(defined('SS_DATABASE_MEMORY')) if(defined('SS_DATABASE_MEMORY'))
$databaseConfig["memory"] = SS_DATABASE_MEMORY; $databaseConfig["memory"] = SS_DATABASE_MEMORY;
// PDO MySQL SSL parameters
if(defined('SS_DATABASE_CLASS') && SS_DATABASE_CLASS === 'MySQLPDODatabase') {
// add ssl parameters if these are defined
if(
defined('SS_DATABASE_SSL_KEY') &&
defined('SS_DATABASE_SSL_CERT') &&
defined('SS_DATABASE_SSL_CA')
) {
$databaseConfig['ssl_key'] = SS_DATABASE_SSL_KEY;
$databaseConfig['ssl_cert'] = SS_DATABASE_SSL_CERT;
$databaseConfig['ssl_ca'] = SS_DATABASE_SSL_CA;
$databaseConfig['ssl_cipher'] = defined('SS_DATABASE_SSL_CIPHER') ? SS_DATABASE_SSL_CIPHER : 'DHE-RSA-AES256-SHA';
}
}
} }
if(defined('SS_SEND_ALL_EMAILS_TO')) { if(defined('SS_SEND_ALL_EMAILS_TO')) {
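Review bot: The SSL block in the second hunk only takes effect when SS_DATABASE_SSL_KEY, SS_DATABASE_SSL_CERT and SS_DATABASE_SSL_CA are all defined, so an environment that sets only the CA file (server verification without a client certificate) or mistypes one constant gets a connection with no SSL options and no warning. Consider copying each defined constant on its own, e.g. `if(defined('SS_DATABASE_SSL_CA')) $databaseConfig['ssl_ca'] = SS_DATABASE_SSL_CA;`, and reporting a partial set instead of ignoring it. The fallback `'DHE-RSA-AES256-SHA'` also pins every install to a single CBC/SHA-1 suite; leaving `ssl_cipher` unset unless SS_DATABASE_SSL_CIPHER is defined would let client and server negotiate, though the consumers in this commit would then have to stop requiring that key. The same block is repeated in the install.php5 section.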


@ -36,8 +36,27 @@ class MySQLDatabaseConfigurationHelper implements DatabaseConfigurationHelper {
} }
case 'MySQLPDODatabase': case 'MySQLPDODatabase':
// May throw a PDOException if fails // May throw a PDOException if fails
$ssl = null;
if(
array_key_exists('ssl_key', $databaseConfig) &&
array_key_exists('ssl_cert', $databaseConfig) &&
array_key_exists('ssl_ca', $databaseConfig) &&
array_key_exists('ssl_cipher', $databaseConfig)) {
$ssl = array(
PDO::MYSQL_ATTR_SSL_KEY => $databaseConfig['ssl_key'],
PDO::MYSQL_ATTR_SSL_CERT => $databaseConfig['ssl_cert'],
PDO::MYSQL_ATTR_SSL_CA => $databaseConfig['ssl_ca'],
PDO::MYSQL_ATTR_SSL_CIPHER => $databaseConfig['ssl_cipher'],
);
}
$conn = @new PDO('mysql:host='.$databaseConfig['server'], $databaseConfig['username'], $conn = @new PDO('mysql:host='.$databaseConfig['server'], $databaseConfig['username'],
$databaseConfig['password']); $databaseConfig['password'], $ssl);
if($conn) { if($conn) {
$conn->query("SET sql_mode = 'ANSI'"); $conn->query("SET sql_mode = 'ANSI'");
return $conn; return $conn;
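Review bot: The guard requires all four keys, including `ssl_cipher`, before any SSL option reaches PDO, so a `$databaseConfig` that carries key, cert and CA but no cipher falls through to a plain connection without an error. Testing the three file keys and adding the cipher only when present, `if(isset($databaseConfig['ssl_cipher'])) $ssl[PDO::MYSQL_ATTR_SSL_CIPHER] = $databaseConfig['ssl_cipher'];`, avoids that silent downgrade. The identical condition is applied to `$parameters` in the PDOConnector section. The surrounding switch case starts and ends outside the hunk.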


@ -132,6 +132,20 @@ if(isset($_REQUEST['db'])) {
"database" => $_REQUEST['db'][$type]['database'], "database" => $_REQUEST['db'][$type]['database'],
); );
if(
defined('SS_DATABASE_SSL_KEY') &&
defined('SS_DATABASE_SSL_CERT') &&
defined('SS_DATABASE_SSL_CA')
) {
$databaseConfig['ssl_key'] = SS_DATABASE_SSL_KEY;
$databaseConfig['ssl_cert'] = SS_DATABASE_SSL_CERT;
$databaseConfig['ssl_ca'] = SS_DATABASE_SSL_CA;
$databaseConfig['ssl_cipher'] = defined('SS_DATABASE_SSL_CIPHER') ? SS_DATABASE_SSL_CIPHER : 'DHE-RSA-AES256-SHA';
}
} else { } else {
// Normal behaviour without the environment // Normal behaviour without the environment
$databaseConfig = $_REQUEST['db'][$type]; $databaseConfig = $_REQUEST['db'][$type];
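Review bot: These keys are added for whatever `$type` the installer is checking, whereas the ConfigureFromEnv section adds them only when SS_DATABASE_CLASS is `MySQLPDODatabase`. As far as this diff shows, only the PDO code paths read the `ssl_*` keys, so a check against another MySQL class would presumably run unencrypted while the environment file suggests SSL is configured. Either gate the block on `$type === 'MySQLPDODatabase'` or add a comment such as `// ssl_* keys are only honoured by MySQLPDODatabase`. The enclosing if/else starts outside the hunk.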


@ -159,6 +159,22 @@ class PDOConnector extends DBConnector {
$options = array(); $options = array();
if($parameters['driver'] == 'mysql') { if($parameters['driver'] == 'mysql') {
$options[PDO::MYSQL_ATTR_INIT_COMMAND] = 'SET NAMES ' . $charset . ' COLLATE ' . $connCollation; $options[PDO::MYSQL_ATTR_INIT_COMMAND] = 'SET NAMES ' . $charset . ' COLLATE ' . $connCollation;
// Set SSL options from mysite/_config.php if they exist
if(
array_key_exists('ssl_key', $parameters) &&
array_key_exists('ssl_cert', $parameters) &&
array_key_exists('ssl_ca', $parameters) &&
array_key_exists('ssl_cipher', $parameters)) {
$options[PDO::MYSQL_ATTR_SSL_KEY] = $parameters['ssl_key'];
$options[PDO::MYSQL_ATTR_SSL_CERT] =$parameters['ssl_cert'];
$options[PDO::MYSQL_ATTR_SSL_CA] = $parameters['ssl_ca'];
$options[PDO::MYSQL_ATTR_SSL_CIPHER] = $parameters['ssl_cipher'];
}
} }
if(self::is_emulate_prepare()) { if(self::is_emulate_prepare()) {
$options[PDO::ATTR_EMULATE_PREPARES] = true; $options[PDO::ATTR_EMULATE_PREPARES] = true;
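Review bot: Nothing on this path confirms that the session is actually encrypted once the `PDO::MYSQL_ATTR_SSL_*` options are set; whether a skipped or failed TLS negotiation raises an error depends on the client library and server settings, which are not visible here. A check after connecting, for example reading `SHOW SESSION STATUS LIKE 'Ssl_cipher'` and treating an empty value as a failure when SSL parameters were supplied, would make the guarantee explicit. The comment `// Set SSL options from mysite/_config.php if they exist` could also mention that the keys may come from ConfigureFromEnv, as the commit message describes. The enclosing method starts and ends outside the hunk.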