Skip to content
Snippets Groups Projects

[ENH] MySQL SSL connection with a single key file

For some system, e.g AWS Lightsail, they provide only one key file to setup an SSL Connection with database they host. Tiki as a client, is now able to detect if we use 3 key files or 1, and setup an SSL Connection accordingly (See MySQL ssl-mode).

Edited by Marcellin Wabo

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • Marcellin Wabo added 1 commit

    added 1 commit

    • ac83e95f - [UPD][NEW] Update preference ssl connection

    Compare with previous version

  • Marcellin Wabo changed the description

    changed the description

  • Marcellin Wabo added 1 commit

    added 1 commit

    • dda92507 - [UPD] Preference SSL Connection: Add key file upload form

    Compare with previous version

  • Marcellin Wabo added 1 commit

    added 1 commit

    • 5abc1608 - [NEW][ENH] Preference SSL Connection, MySQL SSL connection with a single key file

    Compare with previous version

  • Marcellin Wabo added 1 commit

    added 1 commit

    • a0fc055c - [NEW][ENH] Preference SSL Connection, MySQL SSL connection with a single key file

    Compare with previous version

  • Marcellin Wabo marked this merge request as ready

    marked this merge request as ready

  • Marcellin Wabo changed title from [UPD] Connect to MySQL with Tiki using an SSL encrypted connection with a single key file to [NEW][ENH] Preference SSL Connection, MySQL SSL connection with a single key file

    changed title from [UPD] Connect to MySQL with Tiki using an SSL encrypted connection with a single key file to [NEW][ENH] Preference SSL Connection, MySQL SSL connection with a single key file

  • Marcellin Wabo changed the description

    changed the description

  • Marcellin Wabo changed the description

    changed the description

  • luci added 125 commits

    added 125 commits

    • a0fc055c...41417f7c - 124 commits from branch tikiwiki:master
    • 1293c176 - [NEW][ENH] Preference SSL Connection, MySQL SSL connection with a single key file

    Compare with previous version

  • luci added $ + 1 deleted label

    added $ + 1 deleted label

  • @kroky @jonnybradley not sure confident enough about this one, but the code looks good to me. What do you guys think?

  • FYI, it was done to help a Tiki community member who then documented: https://doc.tiki.org/AWS-Lightsail

  • Looks good to me but I don't get the new preference sslconnection_use - it seems to be used only in admin to check if there is an ssl connection or not which seems wrong. If you introduce a new toggle setting, it should be used in the actual pdo connection settings code. On the other hand, toggle of mysql ssl connection preference stored in the database is also not ideal as you will loose the connection to the database if you enter incorrect settings and also you need the preference value before the actual connection is established - thus, I think the new preference is useless at the moment.

  • Author Developer

    Thank you for advises and notes. As you have noticed @kroky the preference is a work in progress (see the MR description). This task shows what we wish to implement to complete it. I'll make a refactor to clean and organize the code properly as you suggest, also I won't hesitate if any questions. Do you think this is mergeable?

  • Ok but I still don't get the purpose of the preference? Shouldn't it be an upload are instead where you can upload the pem files or remove existing uploaded cert files in db/certs?

  • Author Developer

    Yes, it should. The preference should allow us both to enable / disable SSL connection and to upload the keys. So, If I catch you very well, I should avoid adding a preference, and only add the upload feature?

    • Resolved by Victor Emanouilov

      Uploading the keys I understand. The problem is how do you get the preference from the database initially before you open the database connection? You will need the preference in order to know what PDO connection options to specify. It seems like we need to store this preference somewhere else than the db in order to be useful. That's why I am confused. If admin UI allows you to control the pem/cert files uploaded, I think that might be enough as lack of the files will be treated like normal connection and their presence will be treated like using SSL connection (i.e. preference is on in that case).

  • Alright, that will be interesting to see :smile:

  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
Please register or sign in to reply
Loading