Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mysql PDO options to support SSL/TLS client communication #15832

Merged
merged 3 commits into from May 8, 2024
Merged

Mysql PDO options to support SSL/TLS client communication #15832

merged 3 commits into from May 8, 2024
+5 −1

Conversation

drshawnkwang
Copy link
Contributor

Fixed mysql connection to include additional options for SSL Cert and Key. This allows for TLS client communication.

DO NOT DELETE THE UNDERLYING TEXT

Please note

Please read this information carefully. You can run ./lnms dev:check to check your code before submitting.

  • Have you followed our code guidelines?
  • If my Pull Request does some changes/fixes/enhancements in the WebUI, I have inserted a screenshot of it.
  • If my Pull Request makes discovery/polling/yaml changes, I have added/updated test data.

Testers

If you would like to test this pull request then please run: ./scripts/github-apply <pr_id>, i.e ./scripts/github-apply 5926
After you are done testing, you can remove the changes with ./scripts/github-remove. If there are schema changes, you can ask on discord how to revert.

@drshawnkwang
Fixed mysql connection to include additional options for SSL Cert and…
093a1d0 
… Key. This allows for TLS client communication.
Jellyfrog
Jellyfrog reviewed Feb 16, 2024
View reviewed changes
config/database.php Outdated
@@ -66,9 +66,12 @@
'strict' => true,
'engine' => null,
'sslmode' => env('DB_SSLMODE', 'disabled'),
'options' => extension_loaded('pdo_mysql') ? array_filter([
'options' => extension_loaded('pdo_mysql') ? [
PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we do not want to force this.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Apologies, this took some effort to fix. I believe from y testing the latest commit will allows people to use SSL/TLS connections or not. I have tested this on my local development system where I do not SSL/TLS database end; and on a system where I do have SSL/TLS database backend.

SSL/TLS CA, CERT, and KEY are optional. If they are not provided the function array_filter() will remove them.

MYSQL_ATTR_SSL_VERIFY_SERVER_CERT is outside array_filter() because the function will remove the option if it is falsey; however there are times when that variable/setting must be set to false.

@drshawnkwang
Modified config options for mysql database to make SSL/TLS settings o…
02d2bef 
…ptional.

SSL/TLS CA, CERT, and KEY are optional. If they are not provided the array_filter() will remove them.

MYSQL_ATTR_SSL_VERIFY_SERVER_CERT is outside array_filter() because the function will remove the option if it is falsey; however there are times when that variable must be set to false.
@murrant murrant closed this May 8, 2024
@murrant murrant reopened this May 8, 2024
@murrant murrant merged commit 8027492 into librenms:master May 8, 2024
11 of 13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Jellyfrog Jellyfrog Jellyfrog left review comments

@murrant murrant murrant approved these changes

Assignees
No one assigned
Labels
Feature Security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@drshawnkwang @murrant @Jellyfrog @PipoCanaja