FIX Add back missing SSL support for database connections (#10784)

Guy Sartorelli 2023-05-22 12:40:59 +12:00 committed by GitHub
parent ffd0916922
commit c4b8d9a246
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 39 additions and 14 deletions


@ -6,6 +6,7 @@ use SilverStripe\Control\HTTPResponse_Exception;
use SilverStripe\Dev\Install\DatabaseAdapterRegistry; use SilverStripe\Dev\Install\DatabaseAdapterRegistry;
use SilverStripe\ORM\DB; use SilverStripe\ORM\DB;
use Exception; use Exception;
use LogicException;
/** /**
* Simple Kernel container * Simple Kernel container
@ -116,6 +117,29 @@ class CoreKernel extends BaseKernel
"password" => Environment::getEnv('SS_DATABASE_PASSWORD') ?: null, "password" => Environment::getEnv('SS_DATABASE_PASSWORD') ?: null,
]; ];
// Only add SSL keys in the array if there is an actual value associated with them
$sslConf = [
'ssl_key' => 'SS_DATABASE_SSL_KEY',
'ssl_cert' => 'SS_DATABASE_SSL_CERT',
'ssl_ca' => 'SS_DATABASE_SSL_CA',
'ssl_cipher' => 'SS_DATABASE_SSL_CIPHER',
];
foreach ($sslConf as $key => $envVar) {
$envValue = Environment::getEnv($envVar);
if ($envValue) {
$databaseConfig[$key] = $envValue;
}
}
// Having only the key or cert without the other is bad configuration.
if ((isset($databaseConfig['ssl_key']) && !isset($databaseConfig['ssl_cert']))
|| (!isset($databaseConfig['ssl_key']) && isset($databaseConfig['ssl_cert']))
) {
user_error('Database SSL cert and key must both be defined to use SSL in the database.', E_USER_WARNING);
unset($databaseConfig['ssl_key']);
unset($databaseConfig['ssl_cert']);
}
// Set the port if called for // Set the port if called for
$dbPort = Environment::getEnv('SS_DATABASE_PORT'); $dbPort = Environment::getEnv('SS_DATABASE_PORT');
if ($dbPort) { if ($dbPort) {
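Review bot: The key/cert mismatch branch fails open: after `user_error(..., E_USER_WARNING)` it unsets `ssl_key` and `ssl_cert` and carries on, so a deployment that set only one of the two variables and no `SS_DATABASE_SSL_CA` would, judging by the connector hunks in this commit, connect without `ssl_set()` ever being called and leave only a warning in the log. Setting any `SS_DATABASE_SSL_*` variable signals that an encrypted link is wanted, so a half-configured pair is safer treated as fatal, e.g. `throw new LogicException('Database SSL cert and key must both be defined to use SSL in the database.');`. That would also give the newly added `use LogicException;` a use, since nothing in the visible hunks references it. The enclosing method starts and ends outside the hunk.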


@ -35,15 +35,15 @@ class MySQLDatabaseConfigurationHelper implements DatabaseConfigurationHelper
case 'MySQLDatabase': case 'MySQLDatabase':
$conn = mysqli_init(); $conn = mysqli_init();
// Set SSL parameters if they exist. All parameters are required. // Set SSL parameters if they exist.
if (array_key_exists('ssl_key', $databaseConfig) && // Must have both the SSL cert and key, or the common authority, or preferably all three.
array_key_exists('ssl_cert', $databaseConfig) && if ((array_key_exists('ssl_key', $databaseConfig) && array_key_exists('ssl_cert', $databaseConfig))
array_key_exists('ssl_ca', $databaseConfig) || array_key_exists('ssl_ca', $databaseConfig)
) { ) {
$conn->ssl_set( $conn->ssl_set(
$databaseConfig['ssl_key'], $databaseConfig['ssl_key'] ?? null,
$databaseConfig['ssl_cert'], $databaseConfig['ssl_cert'] ?? null,
$databaseConfig['ssl_ca'], $databaseConfig['ssl_ca'] ?? null,
dirname($databaseConfig['ssl_ca']), dirname($databaseConfig['ssl_ca']),
array_key_exists('ssl_cipher', $databaseConfig) array_key_exists('ssl_cipher', $databaseConfig)
? $databaseConfig['ssl_cipher'] ? $databaseConfig['ssl_cipher']
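Review bot: `dirname($databaseConfig['ssl_ca'])` on the new side still reads `ssl_ca` unguarded, but the widened condition now enters this branch with only `ssl_key` and `ssl_cert` set, so that path raises an undefined-array-key warning and passes null to `dirname()`. The MySQLiConnector section of this commit already uses `dirname($parameters['ssl_ca'] ?? '')`; the same guard is needed here, or preferably `isset($databaseConfig['ssl_ca']) ? dirname($databaseConfig['ssl_ca']) : null` so that no empty CA path is handed to `ssl_set()`. A comment above the condition should also state that the key-and-cert-only case gives the client no CA to check the server certificate against, so as far as this hunk shows it encrypts the link without authenticating the server. The `ssl_set()` call continues past the end of the hunk.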


@ -96,14 +96,15 @@ class MySQLiConnector extends DBConnector
); );
} }
// Set SSL parameters if they exist. All parameters are required. // Set SSL parameters if they exist.
if (array_key_exists('ssl_key', $parameters ?? []) && // Must have both the SSL cert and key, or the common authority, or preferably all three.
array_key_exists('ssl_cert', $parameters ?? []) && if ((array_key_exists('ssl_key', $parameters ?? []) && array_key_exists('ssl_cert', $parameters ?? []))
array_key_exists('ssl_ca', $parameters ?? [])) { || array_key_exists('ssl_ca', $parameters ?? [])
) {
$this->dbConn->ssl_set( $this->dbConn->ssl_set(
$parameters['ssl_key'], $parameters['ssl_key'] ?? null,
$parameters['ssl_cert'], $parameters['ssl_cert'] ?? null,
$parameters['ssl_ca'], $parameters['ssl_ca'] ?? null,
dirname($parameters['ssl_ca'] ?? ''), dirname($parameters['ssl_ca'] ?? ''),
array_key_exists('ssl_cipher', $parameters ?? []) array_key_exists('ssl_cipher', $parameters ?? [])
? $parameters['ssl_cipher'] ? $parameters['ssl_cipher']