Merge "(bug 32774) Added config options and flags for SSL and compression in DB."

diff --git a/RELEASE-NOTES-1.20 b/RELEASE-NOTES-1.20
index 54554c9..2dea396 100644 (file)
--- a/RELEASE-NOTES-1.20
+++ b/RELEASE-NOTES-1.20
@@ -25,6 +25,8 @@ upgrade PHP if you have not done so prior to upgrading MediaWiki.
 * Removed f-prot support from $wgAntivirusSetup.
 * New variable $wgDBerrorLogTZ to provide dates in the error log in a
   different timezone than the wiki timezone set by $wgLocalTimezone.
+* New variables $wgDBssl and $wgDBcompress to enable SSL and compression for database
+  connections, if either are available for the selected DB type.
 
 === New features in 1.20 ===
 * Added TitleIsAlwaysKnown hook which gets called when determining if a page exists.

diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 807658d..d77aed1 100644 (file)
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -1308,6 +1308,10 @@ $wgDBuser = 'wikiuser';
 $wgDBpassword = '';
 /** Database type */
 $wgDBtype = 'mysql';
+/** Whether to use SSL in DB connection. */
+$wgDBssl = false;
+/** Whether to use compression in DB connection. */
+$wgDBcompress = false;
 
 /** Separate username for maintenance tasks. Leave as null to use the default. */
 $wgDBadminuser = null;
@@ -1393,6 +1397,8 @@ $wgSharedTables = array( 'user', 'user_properties' );
  *                  - DBO_IGNORE -- ignore errors (not useful in LocalSettings.php)
  *                  - DBO_NOBUFFER -- turn off buffering (not useful in LocalSettings.php)
  *                  - DBO_PERSISTENT -- enables persistent database connections
+ *                  - DBO_SSL -- uses SSL/TLS encryption in database connections, if available
+ *                  - DBO_COMPRESS -- uses internal compression in database connections, if available
  *
  *   - max lag:     (optional) Maximum replication lag before a slave will taken out of rotation
  *   - max threads: (optional) Maximum number of running threads

diff --git a/includes/Defines.php b/includes/Defines.php
index 56218d6..55d9a7a 100644 (file)
--- a/includes/Defines.php
+++ b/includes/Defines.php
@@ -44,6 +44,8 @@ define( 'DBO_DEFAULT', 16 );
 define( 'DBO_PERSISTENT', 32 );
 define( 'DBO_SYSDBA', 64 ); //for oracle maintenance
 define( 'DBO_DDLMODE', 128 ); // when using schema files: mostly for Oracle
+define( 'DBO_SSL', 256 );
+define( 'DBO_COMPRESS', 512 );
 /**@}*/
 
 /**@{

diff --git a/includes/db/DatabaseMysql.php b/includes/db/DatabaseMysql.php
index e27d3db..4b34310 100644 (file)
--- a/includes/db/DatabaseMysql.php
+++ b/includes/db/DatabaseMysql.php
@@ -83,6 +83,14 @@ class DatabaseMysql extends DatabaseBase {
                $this->mPassword = $password;
                $this->mDBname = $dbName;
 
+               $connFlags = 0;
+               if ( $this->mFlags & DBO_SSL ) {
+                       $connFlags |= MYSQL_CLIENT_SSL;
+               }
+               if ( $this->mFlags & DBO_COMPRESS ) {
+                       $connFlags |= MYSQL_CLIENT_COMPRESS;
+               }
+
                wfProfileIn("dbconnect-$server");
 
                # The kernel's default SYN retransmission period is far too slow for us,
@@ -100,10 +108,10 @@ class DatabaseMysql extends DatabaseBase {
                                usleep( 1000 );
                        }
                        if ( $this->mFlags & DBO_PERSISTENT ) {
-                               $this->mConn = mysql_pconnect( $realServer, $user, $password );
+                               $this->mConn = mysql_pconnect( $realServer, $user, $password, $connFlags );
                        } else {
                                # Create a new connection...
-                               $this->mConn = mysql_connect( $realServer, $user, $password, true );
+                               $this->mConn = mysql_connect( $realServer, $user, $password, true, $connFlags );
                        }
                        #if ( $this->mConn === false ) {
                                #$iplus = $i + 1;

diff --git a/includes/db/DatabasePostgres.php b/includes/db/DatabasePostgres.php
index 3504892..8f8f5e8 100644 (file)
--- a/includes/db/DatabasePostgres.php
+++ b/includes/db/DatabasePostgres.php
@@ -356,6 +356,10 @@ class DatabasePostgres extends DatabaseBase {
                if ( $port != false && $port != '' ) {
                        $connectVars['port'] = $port;
                }
+               if ( $this->mFlags & DBO_SSL ) {
+                       $connectVars['sslmode'] = 1;
+               }
+
                $this->connectString = $this->makeConnectionString( $connectVars, PGSQL_CONNECT_FORCE_NEW );
                $this->close();
                $this->installErrorHandler();

diff --git a/includes/db/LBFactory.php b/includes/db/LBFactory.php
index aaca12c..e82c54b 100644 (file)
--- a/includes/db/LBFactory.php
+++ b/includes/db/LBFactory.php
@@ -191,6 +191,16 @@ class LBFactory_Simple extends LBFactory {
                        $servers = $wgDBservers;
                } else {
                        global $wgDBserver, $wgDBuser, $wgDBpassword, $wgDBname, $wgDBtype, $wgDebugDumpSql;
+                       global $wgDBssl, $wgDBcompress;
+
+                       $flags = ( $wgDebugDumpSql ? DBO_DEBUG : 0 ) | DBO_DEFAULT;
+                       if ( $wgDBssl ) {
+                               $flags |= DBO_SSL;
+                       }
+                       if ( $wgDBcompress ) {
+                               $flags |= DBO_COMPRESS;
+                       }
+
                        $servers = array(array(
                                'host' => $wgDBserver,
                                'user' => $wgDBuser,
@@ -198,7 +208,7 @@ class LBFactory_Simple extends LBFactory {
                                'dbname' => $wgDBname,
                                'type' => $wgDBtype,
                                'load' => 1,
-                               'flags' => ($wgDebugDumpSql ? DBO_DEBUG : 0) | DBO_DEFAULT
+                               'flags' => $flags
                        ));
                }