From 96327678036b90342ce02ae32b10fab6544fbf85 Mon Sep 17 00:00:00 2001
From: root <60354324+ib-mlatin@users.noreply.github.com>
Date: Wed, 16 Jun 2021 16:04:03 -0500
Subject: [PATCH 1/2] Add support for MySQL TLS connections

---
 config/config-sample.ini | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/config/config-sample.ini b/config/config-sample.ini
index 030e70e..9c8826b 100644
--- a/config/config-sample.ini
+++ b/config/config-sample.ini
@@ -81,6 +81,13 @@ port = 3306
 username = ska-user
 password = password
 database = ska-db
+; The below options allow TLS encrypted MySQL Database Sessions
+; usetls options:
+; 0: TLS is disabled
+; 1: TLS is enabled
+; tls_ca_cert: Location for the TLS public key for the MySQL server
+usetls = 0
+tls_ca_cert = "/etc/ssl/certs/ca-certificates.crt"
 
 [ldap]
 ; Address to connect to LDAP server

From 4db4e3ff692e015913104e4981bff32c22aa0a84 Mon Sep 17 00:00:00 2001
From: root <60354324+ib-mlatin@users.noreply.github.com>
Date: Wed, 16 Jun 2021 16:07:31 -0500
Subject: [PATCH 2/2] Add logic to database initialization function to support TLS

---
 core.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/core.php b/core.php
index 618c15b..c17a189 100644
--- a/core.php
+++ b/core.php
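Review bot: The added comment `; tls_ca_cert: Location for the TLS public key for the MySQL server` misdescribes the setting: the CA argument that core.php hands to `ssl_set()` is the PEM certificate of the CA that issued the server's certificate (or a bundle containing it), not the server's own public key, and an operator who installs the server key here will get a verification failure. I would reword it to `; tls_ca_cert: Path to the PEM CA certificate (or bundle) that issued the MySQL server's certificate; the default system bundle only works if the server's certificate chains to a public CA, otherwise point this at your internal CA file`. It is also worth saying next to the `usetls` options that, when enabled, the server's certificate is verified against this CA and should be issued for the `hostname` configured above, so a self-signed or internal certificate is handled by adding its CA here rather than by turning TLS off.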
@@ -65,7 +65,14 @@ function autoload_model($classname) {
 function setup_database() {
 	global $config, $database, $driver, $pubkey_dir, $user_dir, $group_dir, $server_dir, $server_account_dir, $event_dir, $sync_request_dir;
 	try {
-		$database = new mysqli($config['database']['hostname'], $config['database']['username'], $config['database']['password'], $config['database']['database'], $config['database']['port']);
+		if ($config['database']['usetls']) {
+			$database = mysqli_init();
+			$database->options(MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, true);
+			$database->ssl_set(NULL, NULL, $config['database']['tls_ca_cert'], NULL, NULL);
+			$database->real_connect($config['database']['hostname'], $config['database']['username'], $config['database']['password'], $config['database']['database'], $config['database']['port']);
+		} else {
+			$database = new mysqli($config['database']['hostname'], $config['database']['username'], $config['database']['password'], $config['database']['database'], $config['database']['port']);
+		}
 	} catch(ErrorException $e) {
 		throw new DBConnectionFailedException($e->getMessage());
 	}
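Review bot: A failed TLS connection in the new branch goes undetected: `mysqli_init()` can return `false` and `real_connect()` returns `false` on failure (including a certificate-verification failure) without throwing, so unless the application's error handler promotes the mysqli warning to an `ErrorException`, `$database` is left as an unconnected object and the surrounding `catch (ErrorException $e)` never fires. The branch should check both return values and raise `DBConnectionFailedException` itself. Two further points: `$config['database']['usetls']` is an undefined index on existing deployments whose config.ini predates the new sample, so the test should read `!empty($config['database']['usetls'])`; and since the intent is a mandatory encrypted session, I would pass `MYSQLI_CLIENT_SSL` as the flags argument of `real_connect()` so a server that does not advertise TLS is rejected rather than, on some driver versions, silently connected in plaintext — confirm this against the mysqlnd version in use. The rest of `setup_database()` continues outside the hunk.
```php
		if (!empty($config['database']['usetls'])) {
			$database = mysqli_init();
			if ($database === false) {
				throw new DBConnectionFailedException('mysqli_init() failed');
			}
			$database->options(MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, true);
			$database->ssl_set(NULL, NULL, $config['database']['tls_ca_cert'], NULL, NULL);
			// MYSQLI_CLIENT_SSL: require TLS; never fall back to a plaintext connection
			$connected = $database->real_connect($config['database']['hostname'], $config['database']['username'], $config['database']['password'], $config['database']['database'], $config['database']['port'], NULL, MYSQLI_CLIENT_SSL);
			if (!$connected) {
				throw new DBConnectionFailedException($database->connect_error);
			}
		} else {
			// … unchanged: plaintext new mysqli(...) connection …
		}
```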