diff options
author | Andrey Andreev <narf@devilix.net> | 2015-07-16 10:46:37 +0200 |
---|---|---|
committer | Andrey Andreev <narf@devilix.net> | 2015-07-16 10:46:37 +0200 |
commit | 18ef61610735aaee76ca374fdede3fe4433e38a2 (patch) | |
tree | 93a865d88f426aa40d50d6b3ae95f4f1b8ca81c0 /system/database | |
parent | 924ac35f6d5a51ab5a9c0a27fed246a5678c5ea6 (diff) | |
parent | 52ec8252a0cf1c57022fabe7a6d1abd0824f1d90 (diff) |
Merge branch 'feature/mysqli-ssl' of github.com:ndigitals/CodeIgniter into feature/mysqli_ssl
Diffstat (limited to 'system/database')
-rw-r--r-- | system/database/drivers/mysqli/mysqli_driver.php | 58 |
1 files changed, 56 insertions, 2 deletions
diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php index e953db052..61a37bd03 100644 --- a/system/database/drivers/mysqli/mysqli_driver.php +++ b/system/database/drivers/mysqli/mysqli_driver.php @@ -86,6 +86,21 @@ class CI_DB_mysqli_driver extends CI_DB { */ public $stricton = FALSE; + /** + * Used to set various SSL options that can be used when making SSL connections. + * + * @see http://php.net/manual/en/mysqli.ssl-set.php Documentation for MySQLi + * + * @var array + */ + public $ssl_options = array( + "ssl_key" => '', // The path name to the key file. + "ssl_cert" => '', // The path name to the certificate file. + "ssl_ca" => '', // The path name to the certificate authority file. + "ssl_capath" => '', // The pathname to a directory that contains trusted SSL CA certificates in PEM format. + "ssl_cipher" => '' // A list of allowable ciphers to use for SSL encryption. + ); + // -------------------------------------------------------------------- /** @@ -132,8 +147,47 @@ class CI_DB_mysqli_driver extends CI_DB { $mysqli->options(MYSQLI_INIT_COMMAND, 'SET SESSION sql_mode="STRICT_ALL_TABLES"'); } - return $mysqli->real_connect($hostname, $this->username, $this->password, $this->database, $port, $socket, $client_flags) - ? $mysqli : FALSE; + if ($this->encrypt === TRUE) + { + $ssl_key = array_key_exists('ssl_key', $this->ssl_options) ? $this->ssl_options['ssl_key'] : ''; + $ssl_cert = array_key_exists('ssl_cert', $this->ssl_options) ? $this->ssl_options['ssl_cert'] : ''; + $ssl_ca = array_key_exists('ssl_ca', $this->ssl_options) ? $this->ssl_options['ssl_ca'] : ''; + $ssl_capath = array_key_exists('ssl_capath', $this->ssl_options) ? $this->ssl_options['ssl_capath'] : ''; + $ssl_cipher = array_key_exists('ssl_cipher', $this->ssl_options) ? $this->ssl_options['ssl_cipher'] : ''; + + $mysqli->ssl_set($ssl_key, $ssl_cert, $ssl_ca, $ssl_capath, $ssl_cipher); + $client_flags |= MYSQLI_CLIENT_SSL; + } + + $connected = @$mysqli->real_connect($hostname, $this->username, $this->password, $this->database, $port, $socket, $client_flags); + + if ($connected) + { + // If SSL was requested we want to do some checking and log an error if an SSL connection wasn't established. + if ($this->encrypt === TRUE) + { + $res = $mysqli->query("SHOW STATUS LIKE 'ssl_cipher';"); + $ssl_status = $res->fetch_row(); + + if ($ssl_status[1] == '') + { + log_message('error', + "Problem With MySQLi SSL: An SSL connection was requested but the resulting connection is not using SSL!"); + } + } + + return $mysqli; + } + else + { + if ($mysqli->connect_errno) + { + log_message('error', + 'msqli connect failed, error: ' . mysqli_connect_error() . " | " . $mysqli->connect_error . " | " . $mysqli->connect_errno); + } + } + + return FALSE; } // -------------------------------------------------------------------- |