https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36026
--- Comment #1 from David Cook <[email protected]> --- I just took a look at Koha/Database.pm and I see what you mean: my $tls = $config->get("tls"); if ($tls && $tls eq 'yes') { $dsn .= sprintf( ';mysql_ssl=1;mysql_ssl_client_key=%s;mysql_ssl_client_cert=%s;mysql_ssl_ca_file=%s', $config->get('key'), $config->get('cert'), $config->get('ca'), ); } It would take a bit of digging to figure out why it was set up this way originally, but it wouldn't be too hard to change this, so that the client authentication was optional/separate. My plate is a bit full at the moment, but if someone wanted to take this on... they'd need to make a Koha::Database::generate_dsn type function and unit test it with no tls, tls with no client auth, tls with client auth. If they make the $config object a parameter of the function, then it would be really easy to unit test. Ideally, someone would also do an integration test with a MySQL using SSL. It would be interesting to add that to the Jenkins CI actually. If no else does a patch, I could come back to it, but it might be a few weeks or longer. I think this is certainly a worthwhile one to do though. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
