diff options
| -rw-r--r-- | Bugzilla/DB/Mysql.pm | 12 | ||||
| -rw-r--r-- | Bugzilla/Install/Localconfig.pm | 16 | ||||
| -rw-r--r-- | template/en/default/setup/strings.txt.pl | 16 |
3 files changed, 44 insertions, 0 deletions
diff --git a/Bugzilla/DB/Mysql.pm b/Bugzilla/DB/Mysql.pm index 908e12721..9c636e2b4 100644 --- a/Bugzilla/DB/Mysql.pm +++ b/Bugzilla/DB/Mysql.pm @@ -58,6 +58,18 @@ sub new { mysql_auto_reconnect => 1, ); + # MySQL SSL options + my ($ssl_ca_file, $ssl_ca_path, $ssl_cert, $ssl_key) = + @$params{qw(db_mysql_ssl_ca_file db_mysql_ssl_ca_path + db_mysql_ssl_client_cert db_mysql_ssl_client_key)}; + if ($ssl_ca_file || $ssl_ca_path || $ssl_cert || $ssl_key) { + $attrs{'mysql_ssl'} = 1; + $attrs{'mysql_ssl_ca_file'} = $ssl_ca_file if $ssl_ca_file; + $attrs{'mysql_ssl_ca_path'} = $ssl_ca_path if $ssl_ca_path; + $attrs{'mysql_ssl_client_cert'} = $ssl_cert if $ssl_cert; + $attrs{'mysql_ssl_client_key'} = $ssl_key if $ssl_key; + } + my $self = $class->db_new({ dsn => $dsn, user => $user, pass => $pass, attrs => \%attrs }); diff --git a/Bugzilla/Install/Localconfig.pm b/Bugzilla/Install/Localconfig.pm index 3fa253729..d469e13ab 100644 --- a/Bugzilla/Install/Localconfig.pm +++ b/Bugzilla/Install/Localconfig.pm @@ -80,6 +80,22 @@ use constant LOCALCONFIG_VARS => ( default => 1, }, { + name => 'db_mysql_ssl_ca_file', + default => '', + }, + { + name => 'db_mysql_ssl_ca_path', + default => '', + }, + { + name => 'db_mysql_ssl_client_cert', + default => '', + }, + { + name => 'db_mysql_ssl_client_key', + default => '', + }, + { name => 'index_html', default => 0, }, diff --git a/template/en/default/setup/strings.txt.pl b/template/en/default/setup/strings.txt.pl index 63eb3a3fd..0d5724461 100644 --- a/template/en/default/setup/strings.txt.pl +++ b/template/en/default/setup/strings.txt.pl @@ -196,6 +196,22 @@ blank, then MySQL's compiled-in default will be used. You probably want that. END localconfig_db_user => "Who we connect to the database as.", + localconfig_db_mysql_ssl_ca_file => <<'END', +Path to a PEM file with a list of trusted SSL CA certificates. +The file must be readable by web server user. +END + localconfig_db_mysql_ssl_ca_path => <<'END', +Path to a directory containing trusted SSL CA certificates in PEM format. +Directory and files inside must be readable by the web server user. +END + localconfig_db_mysql_ssl_client_cert => <<'END', +Full path to the client SSL certificate in PEM format we will present to the DB server. +The file must be readable by web server user. +END + localconfig_db_mysql_ssl_client_key => <<'END', +Full path to the private key corresponding to the client SSL certificate. +The file must not be password-protected and must be readable by web server user. +END localconfig_diffpath => <<'END', For the "Difference Between Two Patches" feature to work, we need to know what directory the "diff" bin is in. (You only need to set this if you |