[ENH] MySQL SSL connection with a single key file
For some system, e.g AWS Lightsail, they provide only one key file to setup an SSL Connection with database they host. Tiki as a client, is now able to detect if we use 3 key files or 1, and setup an SSL Connection accordingly (See MySQL ssl-mode).
Merge request reports
Activity
added 1 commit
- dda92507 - [UPD] Preference SSL Connection: Add key file upload form
added 1 commit
- 5abc1608 - [NEW][ENH] Preference SSL Connection, MySQL SSL connection with a single key file
added 1 commit
- a0fc055c - [NEW][ENH] Preference SSL Connection, MySQL SSL connection with a single key file
added 125 commits
-
a0fc055c...41417f7c - 124 commits from branch
tikiwiki:master
- 1293c176 - [NEW][ENH] Preference SSL Connection, MySQL SSL connection with a single key file
-
a0fc055c...41417f7c - 124 commits from branch
added $ + 1 deleted label
@kroky @jonnybradley not sure confident enough about this one, but the code looks good to me. What do you guys think?
FYI, it was done to help a Tiki community member who then documented: https://doc.tiki.org/AWS-Lightsail
Looks good to me but I don't get the new preference
sslconnection_use
- it seems to be used only in admin to check if there is an ssl connection or not which seems wrong. If you introduce a new toggle setting, it should be used in the actual pdo connection settings code. On the other hand, toggle of mysql ssl connection preference stored in the database is also not ideal as you will loose the connection to the database if you enter incorrect settings and also you need the preference value before the actual connection is established - thus, I think the new preference is useless at the moment.Thank you for advises and notes. As you have noticed @kroky the preference is a work in progress (see the MR description). This task shows what we wish to implement to complete it. I'll make a refactor to clean and organize the code properly as you suggest, also I won't hesitate if any questions. Do you think this is mergeable?
- Resolved by Victor Emanouilov
Uploading the keys I understand. The problem is how do you get the preference from the database initially before you open the database connection? You will need the preference in order to know what PDO connection options to specify. It seems like we need to store this preference somewhere else than the db in order to be useful. That's why I am confused. If admin UI allows you to control the pem/cert files uploaded, I think that might be enough as lack of the files will be treated like normal connection and their presence will be treated like using SSL connection (i.e. preference is on in that case).