From: Aaron Schulz <aschulz@wikimedia.org>
Date: Thu, 24 Aug 2017 23:54:19 +0000 (-0700)
Subject: Add sslCAFile option to DatabaseMysqli
X-Git-Tag: 1.31.0-rc.0~2305
X-Git-Url: http://git.cyclocoop.org//%22%22._DIR_PLUGIN_FULLCALENDAR.%22prive/themes/spip/images/event_edit.png/%22?a=commitdiff_plain;h=1b5be5904d3871264fc9b28852170f3e6a1bf513;p=lhc%2Fweb%2Fwiklou.git

Add sslCAFile option to DatabaseMysqli

This makes all arguments to the mysqli::set_ssl() call be controllable.

Change-Id: I67ed742add633a77e97d08b812e420a73cd83a52
---

diff --git a/includes/libs/rdbms/database/DatabaseMysqlBase.php b/includes/libs/rdbms/database/DatabaseMysqlBase.php
index 692ddb70b8..3c4cda5552 100644
--- a/includes/libs/rdbms/database/DatabaseMysqlBase.php
+++ b/includes/libs/rdbms/database/DatabaseMysqlBase.php
@@ -51,6 +51,8 @@ abstract class DatabaseMysqlBase extends Database {
 	/** @var string|null */
 	protected $sslCertPath;
 	/** @var string|null */
+	protected $sslCAFile;
+	/** @var string|null */
 	protected $sslCAPath;
 	/** @var string[]|null */
 	protected $sslCiphers;
@@ -75,7 +77,8 @@ abstract class DatabaseMysqlBase extends Database {
 	 *   - useGTIDs : use GTID methods like MASTER_GTID_WAIT() when possible.
 	 *   - sslKeyPath : path to key file [default: null]
 	 *   - sslCertPath : path to certificate file [default: null]
-	 *   - sslCAPath : parth to certificate authority PEM files [default: null]
+	 *   - sslCAFile: path to a single certificate authority PEM file [default: null]
+	 *   - sslCAPath : parth to certificate authority PEM directory [default: null]
 	 *   - sslCiphers : array list of allowable ciphers [default: null]
 	 * @param array $params
 	 */
@@ -87,7 +90,7 @@ abstract class DatabaseMysqlBase extends Database {
 			? $params['lagDetectionOptions']
 			: [];
 		$this->useGTIDs = !empty( $params['useGTIDs' ] );
-		foreach ( [ 'KeyPath', 'CertPath', 'CAPath', 'Ciphers' ] as $name ) {
+		foreach ( [ 'KeyPath', 'CertPath', 'CAFile', 'CAPath', 'Ciphers' ] as $name ) {
 			$var = "ssl{$name}";
 			if ( isset( $params[$var] ) ) {
 				$this->$var = $params[$var];
diff --git a/includes/libs/rdbms/database/DatabaseMysqli.php b/includes/libs/rdbms/database/DatabaseMysqli.php
index 4d1b87b1f9..b925e2c653 100644
--- a/includes/libs/rdbms/database/DatabaseMysqli.php
+++ b/includes/libs/rdbms/database/DatabaseMysqli.php
@@ -91,7 +91,7 @@ class DatabaseMysqli extends DatabaseMysqlBase {
 			$mysqli->ssl_set(
 				$this->sslKeyPath,
 				$this->sslCertPath,
-				null,
+				$this->sslCAFile,
 				$this->sslCAPath,
 				$this->sslCiphers
 			);