NEW Added SSL support for MySQLi Connector (fixes #7242)

Modified MySQLiConnector.php to parse SSL environment variables Modifed MySQLDatabaseConfigurationHelper.php to check SSL variables when testing initial connection Minor: Modified PDOConnector.php to change typo TODO: Add Documentation
2024-10-22 14:05:37 +02:00 · 2017-08-03 19:37:01 +08:00 · 2017-08-03 19:37:01 +08:00 · 8577ad1280
commit 8577ad1280
parent 723ae37b7d
3 changed files with 65 additions and 20 deletions
--- a/dev/install/MySQLDatabaseConfigurationHelper.php
+++ b/dev/install/MySQLDatabaseConfigurationHelper.php
@ -18,13 +18,39 @@ class MySQLDatabaseConfigurationHelper implements DatabaseConfigurationHelper {
 	 * @param string $error Error message passed by value
 	 * @return mixed|null Either the connection object, or null if error
 	 */
+
 	protected function createConnection($databaseConfig, &$error) {
 		$error = null;
 		try {
 			switch($databaseConfig['type']) {
 				case 'MySQLDatabase':
-					$conn = @new MySQLi($databaseConfig['server'], $databaseConfig['username'],
-										$databaseConfig['password']);
+
+
+					$conn = mysqli_init();
+					
+					// Set SSL parameters if they exist. All parameters are required.
+					if(
+						array_key_exists('ssl_key', $databaseConfig) &&
+						array_key_exists('ssl_cert', $databaseConfig) &&
+						array_key_exists('ssl_ca', $databaseConfig)) {
+
+						$conn->ssl_set(
+							$databaseConfig['ssl_key'],
+							$databaseConfig['ssl_cert'],
+							$databaseConfig['ssl_ca'],
+							dirname($databaseConfig['ssl_ca']),
+							array_key_exists('ssl_cipher', $databaseConfig) ? $databaseConfig['ssl_cipher'] : Config::inst()->get('MySQLiConnector', 'ssl_cipher_default')
+						);
+
+					}
+
+
+					@$conn->real_connect(
+						$databaseConfig['server'],
+						$databaseConfig['username'],
+						$databaseConfig['password']
+					);
+
 					if($conn && empty($conn->connect_errno)) {
 						$conn->query("SET sql_mode = 'ANSI'");
 						return $conn;
@ -39,7 +65,6 @@ class MySQLDatabaseConfigurationHelper implements DatabaseConfigurationHelper {

 					// Set SSL parameters
 					$ssl = null;
-					$defaultCipher = 'DHE-RSA-AES256-SHA';

 					if(
 						array_key_exists('ssl_key', $databaseConfig) &&
@ -55,7 +80,7 @@ class MySQLDatabaseConfigurationHelper implements DatabaseConfigurationHelper {
 						}

 						// use default cipher if not provided
-						$ssl[PDO::MYSQL_ATTR_SSL_CA] = array_key_exists('ssl_ca', $databaseConfig) ? $databaseConfig['ssl_ca'] : $defaultCipher;
+						$ssl[PDO::MYSQL_ATTR_SSL_CA] = array_key_exists('ssl_ca', $databaseConfig) ? $databaseConfig['ssl_ca'] : Config::inst()->get('PDOConnector', 'ssl_cipher_default');

 					}

--- a/model/connect/MySQLiConnector.php
+++ b/model/connect/MySQLiConnector.php
@ -7,6 +7,14 @@
 */
 class MySQLiConnector extends DBConnector {

+	/**
+	 * Default strong SSL cipher to be used
+	 *
+	 * @config
+	 * @var string
+	 */
+	private static $ssl_cipher_default = 'DHE-RSA-AES256-SHA';
+
 	/**
 	 * Connection to the MySQL database
 	 *
@ -60,23 +68,35 @@ class MySQLiConnector extends DBConnector {
 		$connCharset = Config::inst()->get('MySQLDatabase', 'connection_charset');
 		$connCollation = Config::inst()->get('MySQLDatabase', 'connection_collation');

-		if(!empty($parameters['port'])) {
-			$this->dbConn = new MySQLi(
-				$parameters['server'],
-				$parameters['username'],
-				$parameters['password'],
-				$selectedDB,
-				$parameters['port']
-			);
-		} else {
-			$this->dbConn = new MySQLi(
-				$parameters['server'],
-				$parameters['username'],
-				$parameters['password'],
-				$selectedDB
+		$this->dbConn = mysqli_init();
+		
+		// Set SSL parameters if they exist. All parameters are required.
+
+		if(
+			array_key_exists('ssl_key', $parameters) &&
+			array_key_exists('ssl_cert', $parameters) &&
+			array_key_exists('ssl_ca', $parameters)) {
+
+			$this->dbConn->ssl_set(
+				$parameters['ssl_key'],
+				$parameters['ssl_cert'],
+				$parameters['ssl_ca'],
+				dirname($parameters['ssl_ca']),
+				array_key_exists('ssl_cipher', $parameters) ? $parameters['ssl_cipher'] : Config::inst()->get('MySQLiConnector', 'ssl_cipher_default')
 			);
+
 		}

+
+		$this->dbConn->real_connect(
+			$parameters['server'],
+			$parameters['username'],
+			$parameters['password'],
+			$selectedDB,
+			!empty($parameters['port']) ? $parameters['port'] : ini_get("mysqli.default_port")
+
+		);
+
 		if ($this->dbConn->connect_error) {
 			$this->databaseError("Couldn't connect to MySQL database | " . $this->dbConn->connect_error);
 		}
--- a/model/connect/PDOConnector.php
+++ b/model/connect/PDOConnector.php
@ -19,7 +19,7 @@ class PDOConnector extends DBConnector {
 	 * Default strong SSL cipher to be used
 	 *
 	 * @config
-	 * @var boolean
+	 * @var string
 	 */
 	private static $ssl_cipher_default = 'DHE-RSA-AES256-SHA';

@ -181,7 +181,7 @@ class PDOConnector extends DBConnector {
 				}

 				// use default cipher if not provided
-				$options[PDO::MYSQL_ATTR_SSL_CIPHER] = $parameters['ssl_cipher'] ?: $this->config()->ssl_cipher_default;
+				$options[PDO::MYSQL_ATTR_SSL_CIPHER] = $parameters['ssl_cipher'] ?: Config::inst()->get('PDOConnector', 'ssl_cipher_default');

 			}