mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
Merge pull request #7233 from johndalangin/7077-add-mysql-pdo-ssl
NEW Added MySQL SSL PDO Support (fixes #7077)
This commit is contained in:
commit
723ae37b7d
@ -91,6 +91,14 @@ define('SS_DATABASE_SERVER', 'localhost');
|
|||||||
define('SS_DATABASE_USERNAME', '<user>');
|
define('SS_DATABASE_USERNAME', '<user>');
|
||||||
define('SS_DATABASE_PASSWORD', '<password>');
|
define('SS_DATABASE_PASSWORD', '<password>');
|
||||||
define('SS_DATABASE_NAME', '<database>');
|
define('SS_DATABASE_NAME', '<database>');
|
||||||
|
|
||||||
|
/* SSL support for MySQLPDODatabase */
|
||||||
|
/*
|
||||||
|
define('SS_DATABASE_CLASS', 'MySQLPDODatabase');
|
||||||
|
define('SS_DATABASE_SSL_KEY', '/path/to/keyfile');
|
||||||
|
define('SS_DATABASE_SSL_CERT', '/path/to/certfile');
|
||||||
|
define('SS_DATABASE_SSL_CA', '/path/to/cafile');;
|
||||||
|
*/
|
||||||
--------------------------------------------------
|
--------------------------------------------------
|
||||||
|
|
||||||
Once you have done that, run 'composer install' or './framework/sake dev/build' to create
|
Once you have done that, run 'composer install' or './framework/sake dev/build' to create
|
||||||
|
@ -20,6 +20,14 @@
|
|||||||
* - SS_DATABASE_MEMORY: Use in-memory state if possible. Useful for testing, currently only
|
* - SS_DATABASE_MEMORY: Use in-memory state if possible. Useful for testing, currently only
|
||||||
* supported by the SQLite database adapter.
|
* supported by the SQLite database adapter.
|
||||||
*
|
*
|
||||||
|
* SSL Support (for MySQLPDODatabase)
|
||||||
|
*
|
||||||
|
* - SS_DATABASE_SSL_KEY: Path to SSL private key file
|
||||||
|
* - SS_DATABASE_SSL_CERT: Path to SSL certificate file
|
||||||
|
* - SS_DATABASE_SSL_CA: Path to SSL CA file
|
||||||
|
* - SS_DATABASE_SSL_CIPHER: Override default cipher (defaults are set per database connector)
|
||||||
|
*
|
||||||
|
*
|
||||||
* There is one more setting that is intended to be used by people who work on SilverStripe.
|
* There is one more setting that is intended to be used by people who work on SilverStripe.
|
||||||
* - SS_DATABASE_CHOOSE_NAME: Boolean/Int. If set, then the system will choose a default database name for you if
|
* - SS_DATABASE_CHOOSE_NAME: Boolean/Int. If set, then the system will choose a default database name for you if
|
||||||
* one isn't give in the $database variable. The database name will be "SS_" followed by the name of the folder
|
* one isn't give in the $database variable. The database name will be "SS_" followed by the name of the folder
|
||||||
@ -116,6 +124,30 @@ if(defined('SS_DATABASE_USERNAME') && defined('SS_DATABASE_PASSWORD')) {
|
|||||||
// For SQlite3 memory databases (mainly for testing purposes)
|
// For SQlite3 memory databases (mainly for testing purposes)
|
||||||
if(defined('SS_DATABASE_MEMORY'))
|
if(defined('SS_DATABASE_MEMORY'))
|
||||||
$databaseConfig["memory"] = SS_DATABASE_MEMORY;
|
$databaseConfig["memory"] = SS_DATABASE_MEMORY;
|
||||||
|
|
||||||
|
// Add ssl parameters to databaseConfig if these are defined
|
||||||
|
if(
|
||||||
|
defined('SS_DATABASE_SSL_KEY') &&
|
||||||
|
defined('SS_DATABASE_SSL_CERT')
|
||||||
|
) {
|
||||||
|
|
||||||
|
$databaseConfig['ssl_key'] = SS_DATABASE_SSL_KEY;
|
||||||
|
$databaseConfig['ssl_cert'] = SS_DATABASE_SSL_CERT;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
// Some databases do not require a CA so this is optional
|
||||||
|
if(defined('SS_DATABASE_SSL_CA')) {
|
||||||
|
$databaseConfig['ssl_ca'] = SS_DATABASE_SSL_CA;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Cipher defaults should be set per connector
|
||||||
|
if(defined('SS_DATABASE_SSL_CIPHER')) {
|
||||||
|
$databaseConfig['ssl_cipher'] = SS_DATABASE_SSL_CIPHER;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if(defined('SS_SEND_ALL_EMAILS_TO')) {
|
if(defined('SS_SEND_ALL_EMAILS_TO')) {
|
||||||
|
@ -36,8 +36,31 @@ class MySQLDatabaseConfigurationHelper implements DatabaseConfigurationHelper {
|
|||||||
}
|
}
|
||||||
case 'MySQLPDODatabase':
|
case 'MySQLPDODatabase':
|
||||||
// May throw a PDOException if fails
|
// May throw a PDOException if fails
|
||||||
|
|
||||||
|
// Set SSL parameters
|
||||||
|
$ssl = null;
|
||||||
|
$defaultCipher = 'DHE-RSA-AES256-SHA';
|
||||||
|
|
||||||
|
if(
|
||||||
|
array_key_exists('ssl_key', $databaseConfig) &&
|
||||||
|
array_key_exists('ssl_cert', $databaseConfig)) {
|
||||||
|
|
||||||
|
$ssl = array(
|
||||||
|
PDO::MYSQL_ATTR_SSL_KEY => $databaseConfig['ssl_key'],
|
||||||
|
PDO::MYSQL_ATTR_SSL_CERT => $databaseConfig['ssl_cert'],
|
||||||
|
);
|
||||||
|
|
||||||
|
if(array_key_exists('ssl_ca', $databaseConfig)) {
|
||||||
|
$ssl[PDO::MYSQL_ATTR_SSL_CA] = $databaseConfig['ssl_ca'];
|
||||||
|
}
|
||||||
|
|
||||||
|
// use default cipher if not provided
|
||||||
|
$ssl[PDO::MYSQL_ATTR_SSL_CA] = array_key_exists('ssl_ca', $databaseConfig) ? $databaseConfig['ssl_ca'] : $defaultCipher;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
$conn = @new PDO('mysql:host='.$databaseConfig['server'], $databaseConfig['username'],
|
$conn = @new PDO('mysql:host='.$databaseConfig['server'], $databaseConfig['username'],
|
||||||
$databaseConfig['password']);
|
$databaseConfig['password'], $ssl);
|
||||||
if($conn) {
|
if($conn) {
|
||||||
$conn->query("SET sql_mode = 'ANSI'");
|
$conn->query("SET sql_mode = 'ANSI'");
|
||||||
return $conn;
|
return $conn;
|
||||||
|
@ -132,6 +132,26 @@ if(isset($_REQUEST['db'])) {
|
|||||||
"database" => $_REQUEST['db'][$type]['database'],
|
"database" => $_REQUEST['db'][$type]['database'],
|
||||||
);
|
);
|
||||||
|
|
||||||
|
// Set SSL parameters if they exist
|
||||||
|
if(
|
||||||
|
defined('SS_DATABASE_SSL_KEY') &&
|
||||||
|
defined('SS_DATABASE_SSL_CERT')
|
||||||
|
) {
|
||||||
|
|
||||||
|
$databaseConfig['ssl_key'] = SS_DATABASE_SSL_KEY;
|
||||||
|
$databaseConfig['ssl_cert'] = SS_DATABASE_SSL_CERT;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
if(defined('SS_DATABASE_SSL_CA')) {
|
||||||
|
$databaseConfig['ssl_ca'] = SS_DATABASE_SSL_CA;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(defined('SS_DATABASE_SSL_CIPHER')) {
|
||||||
|
$databaseConfig['ssl_cipher'] = SS_DATABASE_SSL_CIPHER;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
// Normal behaviour without the environment
|
// Normal behaviour without the environment
|
||||||
$databaseConfig = $_REQUEST['db'][$type];
|
$databaseConfig = $_REQUEST['db'][$type];
|
||||||
|
@ -15,6 +15,14 @@ class PDOConnector extends DBConnector {
|
|||||||
*/
|
*/
|
||||||
private static $emulate_prepare = false;
|
private static $emulate_prepare = false;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Default strong SSL cipher to be used
|
||||||
|
*
|
||||||
|
* @config
|
||||||
|
* @var boolean
|
||||||
|
*/
|
||||||
|
private static $ssl_cipher_default = 'DHE-RSA-AES256-SHA';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The PDO connection instance
|
* The PDO connection instance
|
||||||
*
|
*
|
||||||
@ -159,6 +167,25 @@ class PDOConnector extends DBConnector {
|
|||||||
$options = array();
|
$options = array();
|
||||||
if($parameters['driver'] == 'mysql') {
|
if($parameters['driver'] == 'mysql') {
|
||||||
$options[PDO::MYSQL_ATTR_INIT_COMMAND] = 'SET NAMES ' . $charset . ' COLLATE ' . $connCollation;
|
$options[PDO::MYSQL_ATTR_INIT_COMMAND] = 'SET NAMES ' . $charset . ' COLLATE ' . $connCollation;
|
||||||
|
|
||||||
|
// Set SSL options if they are defined
|
||||||
|
if(
|
||||||
|
array_key_exists('ssl_key', $parameters) &&
|
||||||
|
array_key_exists('ssl_cert', $parameters)) {
|
||||||
|
|
||||||
|
$options[PDO::MYSQL_ATTR_SSL_KEY] = $parameters['ssl_key'];
|
||||||
|
$options[PDO::MYSQL_ATTR_SSL_CERT] = $parameters['ssl_cert'];
|
||||||
|
|
||||||
|
if(array_key_exists('ssl_ca', $parameters)) {
|
||||||
|
$options[PDO::MYSQL_ATTR_SSL_CA] = $parameters['ssl_ca'];
|
||||||
|
}
|
||||||
|
|
||||||
|
// use default cipher if not provided
|
||||||
|
$options[PDO::MYSQL_ATTR_SSL_CIPHER] = $parameters['ssl_cipher'] ?: $this->config()->ssl_cipher_default;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
if(self::is_emulate_prepare()) {
|
if(self::is_emulate_prepare()) {
|
||||||
$options[PDO::ATTR_EMULATE_PREPARES] = true;
|
$options[PDO::ATTR_EMULATE_PREPARES] = true;
|
||||||
|
Loading…
Reference in New Issue
Block a user