From 8aa7776072109256482f714c76f37eb1c7b2a572 Mon Sep 17 00:00:00 2001
From: bpatath
Date: Wed, 27 May 2020 11:08:15 +0200
Subject: [PATCH] Replace unnused MySQL SSL mode
---
 .env.example | 9 +++++----
 config/database.php | 27 ++++++++++++++-------------
 2 files changed, 19 insertions(+), 17 deletions(-)
diff --git a/.env.example b/.env.example
index 1210610742..2a7503d5cd 100644
--- a/.env.example
+++ b/.env.example
@@ -67,13 +67,14 @@ DB_PASSWORD=secret_firefly_password
 # MySQL supports SSL. You can configure it here.
 # If you use Docker or similar, you can set these variables from a file by appending them with _FILE
-MYSQL_SSL_MODE=prefer
-MYSQL_SSL_ROOT_CERT_PATH=
-MYSQL_SSL_ROOT_CERT=
+MYSQL_USE_SSL=false
+MYSQL_SSL_VERIFY_SERVER_CERT=true
+# You need to set at least of these options
+MYSQL_SSL_CAPATH=/etc/ssl/certs/
+MYSQL_SSL_CA=
 MYSQL_SSL_CERT=
 MYSQL_SSL_KEY=
 MYSQL_SSL_CIPHER=
-MYSQL_SSL_VERIFY=
 # PostgreSQL supports SSL. You can configure it here.
 # If you use Docker or similar, you can set these variables from a file by appending them with _FILE
diff --git a/config/database.php b/config/database.php
index 425a28962d..948bb3c1fa 100644
--- a/config/database.php
+++ b/config/database.php
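Review bot: The added comment `# You need to set at least of these options` in the .env.example hunk is missing a word and does not say which options it refers to. Going by the config/database.php part of this patch, every `MYSQL_SSL_*` value is ignored unless `MYSQL_USE_SSL` is enabled, so the template should say so where an operator will read it. Suggested wording: `# Only used when MYSQL_USE_SSL=true. Set at least one of MYSQL_SSL_CAPATH or MYSQL_SSL_CA so the server certificate can be verified.`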
@@ -42,20 +42,22 @@ if (!(false === $databaseUrl)) {
 /*
 * Get SSL parameters from .env file.
 */
-$mysql_ssl_ca_dir = envNonEmpty('MYSQL_SSL_ROOT_CERT_PATH', null);
-$mysql_ssl_ca_file = envNonEmpty('MYSQL_SSL_ROOT_CERT', null);
-$mysql_ssl_cert = envNonEmpty('MYSQL_SSL_CERT', null);
-$mysql_ssl_key = envNonEmpty('MYSQL_SSL_KEY', null);
-$mysql_ssl_ciphers = envNonEmpty('MYSQL_SSL_CIPHER', null);
-$mysql_ssl_verify = envNonEmpty('MYSQL_SSL_VERIFY', null);
+$mysql_ssl_ca_dir = envNonEmpty('MYSQL_SSL_CAPATH', null);
+$mysql_ssl_ca_file = envNonEmpty('MYSQL_SSL_CA', null);
+$mysql_ssl_cert = envNonEmpty('MYSQL_SSL_CERT', null);
+$mysql_ssl_key = envNonEmpty('MYSQL_SSL_KEY', null);
+$mysql_ssl_ciphers = envNonEmpty('MYSQL_SSL_CIPHER', null);
+$mysql_ssl_verify = envNonEmpty('MYSQL_SSL_VERIFY_SERVER_CERT', null);
 $mysql_ssl_options = [];
-if ($mysql_ssl_ca_dir !== null) $mysql_ssl_options[PDO::MYSQL_ATTR_SSL_CAPATH ] = $mysql_ssl_ca_dir;
-if ($mysql_ssl_ca_file !== null) $mysql_ssl_options[PDO::MYSQL_ATTR_SSL_CA ] = $mysql_ssl_ca_file;
-if ($mysql_ssl_cert !== null) $mysql_ssl_options[PDO::MYSQL_ATTR_SSL_CERT ] = $mysql_ssl_cert;
-if ($mysql_ssl_key !== null) $mysql_ssl_options[PDO::MYSQL_ATTR_SSL_KEY ] = $mysql_ssl_key;
-if ($mysql_ssl_ciphers !== null) $mysql_ssl_options[PDO::MYSQL_ATTR_SSL_CIPHER ] = $mysql_ssl_ciphers;
-if ($mysql_ssl_verify !== null) $mysql_ssl_options[PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = $mysql_ssl_verify;
+if (!(false === envNonEmpty('MYSQL_USE_SSL', false))) {
+ if ($mysql_ssl_ca_dir !== null) $mysql_ssl_options[PDO::MYSQL_ATTR_SSL_CAPATH ] = $mysql_ssl_ca_dir;
+ if ($mysql_ssl_ca_file !== null) $mysql_ssl_options[PDO::MYSQL_ATTR_SSL_CA ] = $mysql_ssl_ca_file;
+ if ($mysql_ssl_cert !== null) $mysql_ssl_options[PDO::MYSQL_ATTR_SSL_CERT ] = $mysql_ssl_cert;
+ if ($mysql_ssl_key !== null) $mysql_ssl_options[PDO::MYSQL_ATTR_SSL_KEY ] = $mysql_ssl_key;
+ if ($mysql_ssl_ciphers !== null) $mysql_ssl_options[PDO::MYSQL_ATTR_SSL_CIPHER ] = $mysql_ssl_ciphers;
+ if ($mysql_ssl_verify !== null) $mysql_ssl_options[PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = $mysql_ssl_verify;
+}
 return [
 'default' => envNonEmpty('DB_CONNECTION', 'pgsql'),
@@ -78,7 +80,6 @@ return [
 'prefix' => '',
 'strict' => true,
 'engine' => 'InnoDB',
- 'sslmode' => envNonEmpty('MYSQL_SSL_MODE', 'prefer'),
 'options' => $mysql_ssl_options,
 ],
 'pgsql' => [
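Review bot: Deployments that already set `MYSQL_SSL_ROOT_CERT`, `MYSQL_SSL_ROOT_CERT_PATH` or `MYSQL_SSL_VERIFY` lose their TLS settings without any warning after this hunk, because those names are no longer read and the new `if (!(false === envNonEmpty('MYSQL_USE_SSL', false)))` gate defaults to off, leaving `$mysql_ssl_options` empty. Reading the old names as fallbacks, e.g. `$mysql_ssl_ca_file = envNonEmpty('MYSQL_SSL_CA', envNonEmpty('MYSQL_SSL_ROOT_CERT', null));`, or logging when an old variable is still set, would keep an upgrade from quietly dropping to an unencrypted database connection. Separately, when `MYSQL_USE_SSL` is on but neither `MYSQL_SSL_CA` nor `MYSQL_SSL_CAPATH` is set, the block adds no trust anchor, and as far as I know pdo_mysql only negotiates TLS when one of the key/cert/CA/cipher options is present, so the connection may still be plaintext. A check that fails at config load when SSL is requested without a CA option would make that misconfiguration visible instead of silent.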