From: Aaron Schulz
Date: Mon, 22 Aug 2016 17:37:31 +0000 (-0700)
Subject: Call ssl_set() in DatabaseMysqli if DBO_SSL is set
X-Git-Tag: 1.31.0-rc.0~5906^2
X-Git-Url: http://git.cyclocoop.org/%7B%24www_url%7Dadmin/compta/exercices/supprimer.php?a=commitdiff_plain;h=b815622c942599435574258fb769946e8f579d92;p=lhc%2Fweb%2Fwiklou.git
Call ssl_set() in DatabaseMysqli if DBO_SSL is set
Bug: T136218
Change-Id: I849b14c58d3f3c12853b95e218517288d822b107
---
diff --git a/includes/db/DatabaseMysqlBase.php b/includes/db/DatabaseMysqlBase.php
index d1ebe62f2e..9528220e18 100644
--- a/includes/db/DatabaseMysqlBase.php
+++ b/includes/db/DatabaseMysqlBase.php
@@ -38,7 +38,14 @@ abstract class DatabaseMysqlBase extends Database {
 protected $lagDetectionOptions = [];
 /** @var bool bool Whether to use GTID methods */
 protected $useGTIDs = false;
-
+ /** @var string|null */
+ protected $sslKeyPath;
+ /** @var string|null */
+ protected $sslCertPath;
+ /** @var string|null */
+ protected $sslCAPath;
+ /** @var string[]|null */
+ protected $sslCiphers;
 /** @var string|null */
 private $serverVersion = null;
@@ -53,6 +60,10 @@ abstract class DatabaseMysqlBase extends Database {
 * ID of this server's master will be used. Set the "conds" field to
 * override the query conditions, e.g. ['shard' => 's1'].
 * - useGTIDs : use GTID methods like MASTER_GTID_WAIT() when possible.
+ * - sslKeyPath : path to key file [default: null]
+ * - sslCertPath : path to certificate file [default: null]
+ * - sslCAPath : parth to certificate authority PEM files [default: null]
+ * - sslCiphers : array list of allowable ciphers [default: null]
 * @param array $params
 */
 function __construct( array $params ) {
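Review bot: The new `sslCAPath` entry in the constructor docblock should say that it names a directory, because DatabaseMysqli passes the value as the fourth argument of `ssl_set()`, which mysqli treats as a directory of trusted CA certificates, while the CA file slot (third argument) is left `null`. As written, an operator could reasonably point it at a single bundle file and end up with no usable trust anchor. Suggested wording: `sslCAPath : path to a directory of trusted CA certificates in PEM format [default: null]`, which also fixes the `parth` typo. The docblock begins before this hunk.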
@@ -65,6 +76,12 @@ abstract class DatabaseMysqlBase extends Database { ? $params['lagDetectionOptions'] : []; $this->useGTIDs = !empty( $params['useGTIDs' ] ); + foreach ( [ 'KeyPath', 'CertPath', 'CAPath', 'Ciphers' ] as $name ) { + $var = "ssl{$name}"; + if ( isset( $params[$var] ) ) { + $this->$var = $params[$var]; + } + } } /** diff --git a/includes/db/DatabaseMysqli.php b/includes/db/DatabaseMysqli.php index cb580cc0e6..e46860116d 100644 --- a/includes/db/DatabaseMysqli.php +++ b/includes/db/DatabaseMysqli.php @@ -81,9 +81,18 @@ class DatabaseMysqli extends DatabaseMysqlBase { $socket = $hostAndSocket[1]; } + $mysqli = mysqli_init(); + $connFlags = 0; if ( $this->mFlags & DBO_SSL ) { $connFlags |= MYSQLI_CLIENT_SSL; + $mysqli->ssl_set( + $this->sslKeyPath, + $this->sslCertPath, + null, + $this->sslCAPath, + $this->sslCiphers + ); } if ( $this->mFlags & DBO_COMPRESS ) { $connFlags |= MYSQLI_CLIENT_COMPRESS; @@ -92,7 +101,6 @@ class DatabaseMysqli extends DatabaseMysqlBase { $realServer = 'p:' . $realServer; } - $mysqli = mysqli_init(); if ( $wgDBmysql5 ) { // Tell the server we're communicating with it in UTF-8. // This may engage various charset conversions.
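Review bot: The computed property name in `$this->$var` is safe only because `$name` comes from the literal list in the `foreach`, and nothing in the code records that constraint. A one-line comment would keep a later edit from feeding keys of `$params` into it, for example `// Property names come from the fixed list above, never from $params keys`. The values themselves are stored without any type or path check, so a wrong setting would presumably surface only when the connection is opened. The constructor begins before this hunk.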
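Review bot: `$this->sslCiphers` is passed unchanged as the fifth argument of `ssl_set()` in DatabaseMysqli.php, but DatabaseMysqlBase declares it as `string[]|null` while mysqli takes the cipher list as one string. PHP rejects an array in that position (a warning or a TypeError, depending on the version), so the call would not apply the configured TLS options. Joining the list first keeps the documented array form working: `$this->sslCiphers ? implode( ':', $this->sslCiphers ) : null` (OpenSSL cipher strings are colon-separated). Separately, the third argument (the CA file) is hard-coded to `null`; when `sslCAPath` is also unset, the session appears to be encrypted without the server certificate being checked against a CA, which deserves at least a comment or a logged warning. The enclosing function starts and ends outside this hunk.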