mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
FIX Add back missing SSL support for database connections (#10784)
parent
ffd0916922
commit
c4b8d9a246
@ -6,6 +6,7 @@ use SilverStripe\Control\HTTPResponse_Exception;
|
|||||||
use SilverStripe\Dev\Install\DatabaseAdapterRegistry;
|
use SilverStripe\Dev\Install\DatabaseAdapterRegistry;
|
||||||
use SilverStripe\ORM\DB;
|
use SilverStripe\ORM\DB;
|
||||||
use Exception;
|
use Exception;
|
||||||
|
use LogicException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Simple Kernel container
|
* Simple Kernel container
|
||||||
@ -116,6 +117,29 @@ class CoreKernel extends BaseKernel
|
|||||||
"password" => Environment::getEnv('SS_DATABASE_PASSWORD') ?: null,
|
"password" => Environment::getEnv('SS_DATABASE_PASSWORD') ?: null,
|
||||||
];
|
];
|
||||||
|
|
||||||
|
// Only add SSL keys in the array if there is an actual value associated with them
|
||||||
|
$sslConf = [
|
||||||
|
'ssl_key' => 'SS_DATABASE_SSL_KEY',
|
||||||
|
'ssl_cert' => 'SS_DATABASE_SSL_CERT',
|
||||||
|
'ssl_ca' => 'SS_DATABASE_SSL_CA',
|
||||||
|
'ssl_cipher' => 'SS_DATABASE_SSL_CIPHER',
|
||||||
|
];
|
||||||
|
foreach ($sslConf as $key => $envVar) {
|
||||||
|
$envValue = Environment::getEnv($envVar);
|
||||||
|
if ($envValue) {
|
||||||
|
$databaseConfig[$key] = $envValue;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Having only the key or cert without the other is bad configuration.
|
||||||
|
if ((isset($databaseConfig['ssl_key']) && !isset($databaseConfig['ssl_cert']))
|
||||||
|
|| (!isset($databaseConfig['ssl_key']) && isset($databaseConfig['ssl_cert']))
|
||||||
|
) {
|
||||||
|
user_error('Database SSL cert and key must both be defined to use SSL in the database.', E_USER_WARNING);
|
||||||
|
unset($databaseConfig['ssl_key']);
|
||||||
|
unset($databaseConfig['ssl_cert']);
|
||||||
|
}
|
||||||
|
|
||||||
// Set the port if called for
|
// Set the port if called for
|
||||||
$dbPort = Environment::getEnv('SS_DATABASE_PORT');
|
$dbPort = Environment::getEnv('SS_DATABASE_PORT');
|
||||||
if ($dbPort) {
|
if ($dbPort) {
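Review bot: The half-configured case in the `ssl_key`/`ssl_cert` check fails open: it raises only an `E_USER_WARNING`, unsets both keys and continues, so when `SS_DATABASE_SSL_CA` is also unset none of the SSL keys reach the connector and, judging by the connector hunks on this page, no `ssl_set()` call is made. An operator who set one of the two variables asked for a protected link, so a misspelt or missing partner variable should stop start-up rather than quietly drop the SSL settings. The first hunk imports `LogicException`, whose use is not visible in these lines. Replacing the `user_error()` call and the two `unset()` calls with `throw new LogicException('Database SSL cert and key must both be defined to use SSL in the database.');` would fail closed. If the warning has to stay for backward compatibility, add a comment such as `// NOTE: the connection continues without a client certificate; without ssl_ca no SSL options are applied at all`. The enclosing method starts and ends outside the hunk.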
|
||||||
|
@ -35,15 +35,15 @@ class MySQLDatabaseConfigurationHelper implements DatabaseConfigurationHelper
|
|||||||
case 'MySQLDatabase':
|
case 'MySQLDatabase':
|
||||||
$conn = mysqli_init();
|
$conn = mysqli_init();
|
||||||
|
|
||||||
// Set SSL parameters if they exist. All parameters are required.
|
// Set SSL parameters if they exist.
|
||||||
if (array_key_exists('ssl_key', $databaseConfig) &&
|
// Must have both the SSL cert and key, or the common authority, or preferably all three.
|
||||||
array_key_exists('ssl_cert', $databaseConfig) &&
|
if ((array_key_exists('ssl_key', $databaseConfig) && array_key_exists('ssl_cert', $databaseConfig))
|
||||||
array_key_exists('ssl_ca', $databaseConfig)
|
|| array_key_exists('ssl_ca', $databaseConfig)
|
||||||
) {
|
) {
|
||||||
$conn->ssl_set(
|
$conn->ssl_set(
|
||||||
$databaseConfig['ssl_key'],
|
$databaseConfig['ssl_key'] ?? null,
|
||||||
$databaseConfig['ssl_cert'],
|
$databaseConfig['ssl_cert'] ?? null,
|
||||||
$databaseConfig['ssl_ca'],
|
$databaseConfig['ssl_ca'] ?? null,
|
||||||
dirname($databaseConfig['ssl_ca']),
|
dirname($databaseConfig['ssl_ca']),
|
||||||
array_key_exists('ssl_cipher', $databaseConfig)
|
array_key_exists('ssl_cipher', $databaseConfig)
|
||||||
? $databaseConfig['ssl_cipher']
|
? $databaseConfig['ssl_cipher']
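Review bot: `dirname($databaseConfig['ssl_ca'])` is still read without a guard, although the new condition lets this branch run with only `ssl_key` and `ssl_cert` set. In that case the array key is undefined and `dirname()` receives null, which raises a warning plus a deprecation notice on PHP 8.1 and later. The three arguments above it were given `?? null`, and the MySQLiConnector change on this page already guards the same expression. I would write `isset($databaseConfig['ssl_ca']) ? dirname($databaseConfig['ssl_ca']) : null,` so that no CA directory is passed when no CA file is configured. The `ssl_set()` call continues past the end of the hunk.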
|
||||||
|
@ -96,14 +96,15 @@ class MySQLiConnector extends DBConnector
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set SSL parameters if they exist. All parameters are required.
|
// Set SSL parameters if they exist.
|
||||||
if (array_key_exists('ssl_key', $parameters ?? []) &&
|
// Must have both the SSL cert and key, or the common authority, or preferably all three.
|
||||||
array_key_exists('ssl_cert', $parameters ?? []) &&
|
if ((array_key_exists('ssl_key', $parameters ?? []) && array_key_exists('ssl_cert', $parameters ?? []))
|
||||||
array_key_exists('ssl_ca', $parameters ?? [])) {
|
|| array_key_exists('ssl_ca', $parameters ?? [])
|
||||||
|
) {
|
||||||
$this->dbConn->ssl_set(
|
$this->dbConn->ssl_set(
|
||||||
$parameters['ssl_key'],
|
$parameters['ssl_key'] ?? null,
|
||||||
$parameters['ssl_cert'],
|
$parameters['ssl_cert'] ?? null,
|
||||||
$parameters['ssl_ca'],
|
$parameters['ssl_ca'] ?? null,
|
||||||
dirname($parameters['ssl_ca'] ?? ''),
|
dirname($parameters['ssl_ca'] ?? ''),
|
||||||
array_key_exists('ssl_cipher', $parameters ?? [])
|
array_key_exists('ssl_cipher', $parameters ?? [])
|
||||||
? $parameters['ssl_cipher']
|
? $parameters['ssl_cipher']
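Review bot: The relaxed condition accepts `ssl_key` plus `ssl_cert` with no `ssl_ca`, and the new comment does not say what that configuration gives up. Without a CA file this call supplies a client certificate but nothing to check the server's certificate against, so whether the server is authenticated depends on driver defaults that are not visible in this hunk. I would extend the comment with `// Without ssl_ca this call gives the driver no authority to verify the server certificate against; set all three to authenticate the server.` In the same call `dirname($parameters['ssl_ca'] ?? '')` passes an empty string as the CA directory when no CA is set; `isset($parameters['ssl_ca']) ? dirname($parameters['ssl_ca']) : null` would pass null like the other optional arguments. The `ssl_set()` call continues past the end of the hunk.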
|
||||||
|