I realise this is rather eleventh hour, but it would be great if D7 could include support for SSL connections to MySQL, and other database servers that support SSL connections.

In D6 this can be achieved by changing the mysql_connect call in includes/database.mysql.inc to:
$connection = @mysql_connect($url['host'], $url['user'], $url['pass'], TRUE, MYSQL_CLIENT_SSL);

With more people using servers that they don't have physical control over, this would be a great thing to have support for out of the box. I haven't looked at the D7 database code, but realise it has undergone significant changes from D6. If I'm not the only one with interest in SSL support I would be happy to help with the necessary changes.

More info on MySQL SSL support is available here:
http://dev.mysql.com/doc/refman/5.0/en/secure-connections.html

Files: 
Comment | File | Size | Author
#12 | 726192-arbitrary-pdo-options-attributes-D7.patch | 2.47 KB | deekayen
#8 | 726192-arbitrary-pdo-options-attributes.patch | 2.47 KB | Damien Tournoud
PASSED: [[SimpleTest]]: [MySQL] 33,651 pass(es).

Comments

Title: MySQL SSL support » Database SSL support
Issue tags: +PostgreSQL, +MySQL

I'm having problems with PostgreSQL as well. My database server only accepts SSL connections. I had to change my pg_hba.conf file to allow a non-SSL connection from my web server's IP. This is not the best solution and I would much rather have SSL support in Drupal.

hostnossl       all     all     192.168.1.1/32 md5

In D6 this can be achieved by changing the mysql_connect call in includes/database.mysql.inc to:
$connection = @mysql_connect($url['host'], $url['user'], $url['pass'], TRUE, MYSQL_CLIENT_SSL);

I am working with a server and mysql that requires I deal with SSL. Is this really all I need to do?

I might be wrong, but with the new Database layer in D7, DBTNG, all database connections are using PDO, not the PHP native options like mysql_connect. There needs to be support for SSL via the PDO option.

Version: 7.x-dev » 8.x-dev

It looks like PHP 5.3 PDO does not support SSL but that it's in more recent snapshots. When we start supporting PHP 5.4 (or if it shows up in a later PHP 5.3) we should start supporting it. More detail at http://www.php.net/manual/en/ref.pdo-mysql.php#103501.

For even more reference, it looks like the next version of PHP 5.3 is going to support SSL for the MySQL PDO driver. http://svn.php.net/viewvc?view=revision&revision=310239

PHP 5.3.7 was released yesterday, which included the commit for pdo mysql ssl support.

The appropriate PDO option for this would need to be added in DatabaseConnection_mysql::__construct() as a part of $connection_options. It might be a good idea to provide a way for folk to include not just the ssl option, but any other pdo option as well at the same time.

Relevant options:

  • MYSQL_ATTR_SSL_KEY
  • MYSQL_ATTR_SSL_CERT
  • MYSQL_ATTR_SSL_CA
  • MYSQL_ATTR_SSL_CAPATH
  • MYSQL_ATTR_SSL_CIPHER

I think rather than this issue being about SSL support it should be about adding the ability to pass in connection options into PDO. Perhaps create a new key 'pdo_options', which will have an array union with any options set in the Database driver's connection constructor, and then subsequently passed into DatabaseConnection's and PDO's constructor respectively.

Title: Database SSL support » Allow arbitrary PDO driver options to be specified
Priority: Normal » Major

I have been meaning to do that for a while now. In addition to the SSL parameters, it is useful to be able to tweak some other options (PDO::ATTR_TIMEOUT, for example).

Status: Active » Needs review
Issue tags: -PostgreSQL, -MySQL
Status | File | Size
new | | 2.47 KB
PASSED: [[SimpleTest]]: [MySQL] 33,651 pass(es).

Actually, because of PDO craziness, we have to have two different keys: one for driver options and the other for attributes (those are different, even if some options can be set in both).
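
The split between constructor-time driver options and post-connect attributes discussed above, sketched as an added example (this is not the attached patch and not Drupal's own code). The key names 'pdo_options' and 'pdo_attributes', the host, credentials and CA path are assumptions, and the pdo_mysql extension must be loaded.

```php
<?php
// Added example: the key names 'pdo_options' and 'pdo_attributes' are
// hypothetical, as are the host, credentials and certificate path.
$info = array(
  'host' => 'db.example.internal',
  'database' => 'drupal',
  'username' => 'drupal',
  'password' => 'constructed-password',
  // Driver options: only take effect when passed to the PDO constructor.
  'pdo_options' => array(
    PDO::MYSQL_ATTR_SSL_CA => '/etc/ssl/certs/db-ca.pem',
    PDO::ATTR_TIMEOUT => 5,
  ),
  // Attributes: applied with setAttribute() once the connection exists.
  'pdo_attributes' => array(
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
  ),
);

function example_pdo_arguments(array $info) {
  // Defaults the driver sets itself; the site's values win in the array
  // union because they are the left-hand operand.
  $driver_defaults = array(PDO::MYSQL_ATTR_USE_BUFFERED_QUERY => TRUE);
  $info += array('pdo_options' => array(), 'pdo_attributes' => array());
  return array(
    'dsn' => 'mysql:host=' . $info['host'] . ';dbname=' . $info['database'],
    'options' => $info['pdo_options'] + $driver_defaults,
    'attributes' => $info['pdo_attributes'],
  );
}

function example_connect(array $info) {
  $args = example_pdo_arguments($info);
  $pdo = new PDO($args['dsn'], $info['username'], $info['password'], $args['options']);
  foreach ($args['attributes'] as $attribute => $value) {
    $pdo->setAttribute($attribute, $value);
  }
  // If SSL was requested, confirm the session is actually encrypted:
  // MySQL reports an empty Ssl_cipher for a plaintext connection.
  if (isset($args['options'][PDO::MYSQL_ATTR_SSL_CA])) {
    $row = $pdo->query("SHOW STATUS LIKE 'Ssl_cipher'")->fetch(PDO::FETCH_NUM);
    if (empty($row[1])) {
      throw new RuntimeException('SSL was configured but the connection is not encrypted.');
    }
  }
  return $pdo;
}
```

Calling example_connect($info) against a server that does not offer SSL should end in an exception rather than a silent plaintext session.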

Issue tags: +Needs tests

Yeah, that's the approach I was thinking of as well. As for tests, either we should add to testConnectionOptions or add a test for attributes and driver options each?

Issue tags: -Needs tests

I tried implementing tests, but it turns out that many drivers do not support getAttribute() (including MySQL), making it very much not worth it to write a test.

Issue tags: +needs backport to D7

Fixing tag.

Patch looks identical for D7, except against different commit hashes.

Status: Needs review » Closed (duplicate)

So now we need PHP to add SSL support to their PostgreSQL PDO driver?