Add sslCAFile option to DatabaseMysqli
authorAaron Schulz <aschulz@wikimedia.org>
Thu, 24 Aug 2017 23:54:19 +0000 (16:54 -0700)
committerAaron Schulz <aschulz@wikimedia.org>
Thu, 24 Aug 2017 23:54:19 +0000 (16:54 -0700)
This makes all arguments to the mysqli::ssl_set() call controllable.

Change-Id: I67ed742add633a77e97d08b812e420a73cd83a52

includes/libs/rdbms/database/DatabaseMysqlBase.php
includes/libs/rdbms/database/DatabaseMysqli.php

index 692ddb7..3c4cda5 100644 (file)
@@ -51,6 +51,8 @@ abstract class DatabaseMysqlBase extends Database {
        /** @var string|null */
        protected $sslCertPath;
        /** @var string|null */
+       protected $sslCAFile;
+       /** @var string|null */
        protected $sslCAPath;
        /** @var string[]|null */
        protected $sslCiphers;
@@ -75,7 +77,8 @@ abstract class DatabaseMysqlBase extends Database {
         *   - useGTIDs : use GTID methods like MASTER_GTID_WAIT() when possible.
         *   - sslKeyPath : path to key file [default: null]
         *   - sslCertPath : path to certificate file [default: null]
-        *   - sslCAPath : parth to certificate authority PEM files [default: null]
+        *   - sslCAFile: path to a single certificate authority PEM file [default: null]
+        *   - sslCAPath : parth to certificate authority PEM directory [default: null]
         *   - sslCiphers : array list of allowable ciphers [default: null]
         * @param array $params
         */
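Review bot: The rewritten `sslCAPath` entry still carries the `parth` typo, and the new `sslCAFile:` entry drops the space before the colon that every other entry in this list has. Suggested lines: `*   - sslCAFile : path to a single certificate authority PEM file [default: null]` and `*   - sslCAPath : path to certificate authority PEM directory [default: null]`. The docblock also does not say what happens when both options are set, which is worth one sentence here because an operator pinning a private CA needs to know whether the directory is still consulted.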
@@ -87,7 +90,7 @@ abstract class DatabaseMysqlBase extends Database {
                        ? $params['lagDetectionOptions']
                        : [];
                $this->useGTIDs = !empty( $params['useGTIDs' ] );
-               foreach ( [ 'KeyPath', 'CertPath', 'CAPath', 'Ciphers' ] as $name ) {
+               foreach ( [ 'KeyPath', 'CertPath', 'CAFile', 'CAPath', 'Ciphers' ] as $name ) {
                        $var = "ssl{$name}";
                        if ( isset( $params[$var] ) ) {
                                $this->$var = $params[$var];
index 4d1b87b..b925e2c 100644 (file)
@@ -91,7 +91,7 @@ class DatabaseMysqli extends DatabaseMysqlBase {
                        $mysqli->ssl_set(
                                $this->sslKeyPath,
                                $this->sslCertPath,
-                               null,
+                               $this->sslCAFile,
                                $this->sslCAPath,
                                $this->sslCiphers
                        );
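Review bot: The condition guarding this `ssl_set()` call lies outside the hunk, so it is not visible whether a configuration that sets only `sslCAFile` ever reaches it; if that guard tests the individual `ssl*` properties, `$this->sslCAFile` needs to be added there as well. `mysqli::ssl_set()` always returns true and does not check the paths it is given, so a mistyped or unreadable CA file only surfaces as a failure at connect time; a comment such as `// ssl_set() never fails; a bad sslCAFile shows up as a connect error` above the call would document that. A CA file only protects against a spoofed server if TLS and server certificate verification are actually in effect for the connection, which depends on the connect flags set outside this hunk and should be confirmed.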