jenkins-bot has submitted this change and it was merged. (
https://gerrit.wikimedia.org/r/373715 )
Change subject: Add sslCAFile option to DatabaseMysqli
......................................................................
Add sslCAFile option to DatabaseMysqli
This makes all arguments to the mysqli::set_ssl() call be controllable.
Change-Id: I67ed742add633a77e97d08b812e420a73cd83a52
---
M includes/libs/rdbms/database/DatabaseMysqlBase.php
M includes/libs/rdbms/database/DatabaseMysqli.php
2 files changed, 6 insertions(+), 3 deletions(-)
Approvals:
EBernhardson: Looks good to me, approved
jenkins-bot: Verified
diff --git a/includes/libs/rdbms/database/DatabaseMysqlBase.php
b/includes/libs/rdbms/database/DatabaseMysqlBase.php
index 692ddb7..3c4cda5 100644
--- a/includes/libs/rdbms/database/DatabaseMysqlBase.php
+++ b/includes/libs/rdbms/database/DatabaseMysqlBase.php
@@ -51,6 +51,8 @@
/** @var string|null */
protected $sslCertPath;
/** @var string|null */
+ protected $sslCAFile;
+ /** @var string|null */
protected $sslCAPath;
/** @var string[]|null */
protected $sslCiphers;
@@ -75,7 +77,8 @@
* - useGTIDs : use GTID methods like MASTER_GTID_WAIT() when
possible.
* - sslKeyPath : path to key file [default: null]
* - sslCertPath : path to certificate file [default: null]
- * - sslCAPath : parth to certificate authority PEM files [default:
null]
+ * - sslCAFile: path to a single certificate authority PEM file
[default: null]
+ * - sslCAPath : parth to certificate authority PEM directory
[default: null]
* - sslCiphers : array list of allowable ciphers [default: null]
* @param array $params
*/
@@ -87,7 +90,7 @@
? $params['lagDetectionOptions']
: [];
$this->useGTIDs = !empty( $params['useGTIDs' ] );
- foreach ( [ 'KeyPath', 'CertPath', 'CAPath', 'Ciphers' ] as
$name ) {
+ foreach ( [ 'KeyPath', 'CertPath', 'CAFile', 'CAPath',
'Ciphers' ] as $name ) {
$var = "ssl{$name}";
if ( isset( $params[$var] ) ) {
$this->$var = $params[$var];
diff --git a/includes/libs/rdbms/database/DatabaseMysqli.php
b/includes/libs/rdbms/database/DatabaseMysqli.php
index 4d1b87b..b925e2c 100644
--- a/includes/libs/rdbms/database/DatabaseMysqli.php
+++ b/includes/libs/rdbms/database/DatabaseMysqli.php
@@ -91,7 +91,7 @@
$mysqli->ssl_set(
$this->sslKeyPath,
$this->sslCertPath,
- null,
+ $this->sslCAFile,
$this->sslCAPath,
$this->sslCiphers
);
--
To view, visit https://gerrit.wikimedia.org/r/373715
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I67ed742add633a77e97d08b812e420a73cd83a52
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/core
Gerrit-Branch: master
Gerrit-Owner: Aaron Schulz <[email protected]>
Gerrit-Reviewer: EBernhardson <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
