[MediaWiki-commits] [Gerrit] mediawiki/core[master]: Add sslCAFile option to DatabaseMysqli

Thu, 24 Aug 2017 16:55:14 -0700 

Aaron Schulz has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/373715 )

Change subject: Add sslCAFile option to DatabaseMysqli
......................................................................

Add sslCAFile option to DatabaseMysqli

This makes all arguments to the mysqli::set_ssl() call be controllable.

Change-Id: I67ed742add633a77e97d08b812e420a73cd83a52
---
M includes/libs/rdbms/database/DatabaseMysqlBase.php
M includes/libs/rdbms/database/DatabaseMysqli.php
2 files changed, 6 insertions(+), 3 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/core 
refs/changes/15/373715/1

diff --git a/includes/libs/rdbms/database/DatabaseMysqlBase.php 
b/includes/libs/rdbms/database/DatabaseMysqlBase.php
index 692ddb7..3c4cda5 100644
--- a/includes/libs/rdbms/database/DatabaseMysqlBase.php
+++ b/includes/libs/rdbms/database/DatabaseMysqlBase.php
@@ -51,6 +51,8 @@
        /** @var string|null */
        protected $sslCertPath;
        /** @var string|null */
+       protected $sslCAFile;
+       /** @var string|null */
        protected $sslCAPath;
        /** @var string[]|null */
        protected $sslCiphers;
@@ -75,7 +77,8 @@
         *   - useGTIDs : use GTID methods like MASTER_GTID_WAIT() when 
possible.
         *   - sslKeyPath : path to key file [default: null]
         *   - sslCertPath : path to certificate file [default: null]
-        *   - sslCAPath : parth to certificate authority PEM files [default: 
null]
+        *   - sslCAFile: path to a single certificate authority PEM file 
[default: null]
+        *   - sslCAPath : parth to certificate authority PEM directory 
[default: null]
         *   - sslCiphers : array list of allowable ciphers [default: null]
         * @param array $params
         */
@@ -87,7 +90,7 @@
                        ? $params['lagDetectionOptions']
                        : [];
                $this->useGTIDs = !empty( $params['useGTIDs' ] );
-               foreach ( [ 'KeyPath', 'CertPath', 'CAPath', 'Ciphers' ] as 
$name ) {
+               foreach ( [ 'KeyPath', 'CertPath', 'CAFile', 'CAPath', 
'Ciphers' ] as $name ) {
                        $var = "ssl{$name}";
                        if ( isset( $params[$var] ) ) {
                                $this->$var = $params[$var];
diff --git a/includes/libs/rdbms/database/DatabaseMysqli.php 
b/includes/libs/rdbms/database/DatabaseMysqli.php
index 4d1b87b..b925e2c 100644
--- a/includes/libs/rdbms/database/DatabaseMysqli.php
+++ b/includes/libs/rdbms/database/DatabaseMysqli.php
@@ -91,7 +91,7 @@
                        $mysqli->ssl_set(
                                $this->sslKeyPath,
                                $this->sslCertPath,
-                               null,
+                               $this->sslCAFile,
                                $this->sslCAPath,
                                $this->sslCiphers
                        );

-- 
To view, visit https://gerrit.wikimedia.org/r/373715
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I67ed742add633a77e97d08b812e420a73cd83a52
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Aaron Schulz <asch...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to