-rw-r--r--application/config/database.php12
-rw-r--r--system/database/drivers/mysqli/mysqli_driver.php102
-rw-r--r--user_guide_src/source/database/configuration.rst37
3 files changed, 146 insertions, 5 deletions
diff --git a/application/config/database.php b/application/config/database.php
index fc3a5e5b6..26353cfb2 100644
--- a/application/config/database.php
+++ b/application/config/database.php
@@ -43,6 +43,12 @@ defined('BASEPATH') OR exit('No direct script access allowed');
| ['compress'] Whether or not to use client compression (MySQL only)
| ['stricton'] TRUE/FALSE - forces 'Strict Mode' connections
| - good for ensuring strict SQL while developing
+| ['db_options'] Used to set various database connections options and values. (MySQLi only)
+| ['ssl_key'] The path name to the key file. (MySQLi only)
+| ['ssl_cert'] The path name to the certificate file. (MySQLi only)
+| ['ssl_ca'] The path name to the certificate authority file. (MySQLi only)
+| ['ssl_capath'] The pathname to a directory that contains trusted SSL CA certificates in PEM format. (MySQLi only)
+| ['ssl_cipher'] A list of allowable ciphers to use for SSL encryption. (MySQLi only)
| ['failover'] array - A array with 0 or more data for connections if the main should fail.
| ['save_queries'] TRUE/FALSE - Whether to "save" all executed queries.
| NOTE: Disabling this will also effectively disable both
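Review bot: The six added comment lines never say that the `ssl_*` values only take effect when `['encrypt']` is TRUE, yet the driver hunk in mysqli_driver.php calls `ssl_set()` only inside `if ($this->encrypt === TRUE)`. I would state that on the first entry, e.g. `| ['ssl_key'] The path name to the key file. Only used when 'encrypt' is TRUE. (MySQLi only)`. On `['ssl_ca']` / `['ssl_capath']` it is worth adding that leaving both empty means this configuration supplies no CA for checking the server certificate. The same gap is in the property docblocks added to mysqli_driver.php and in the configuration.rst table.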
@@ -80,6 +86,12 @@ $db['default'] = array(
'encrypt' => FALSE,
'compress' => FALSE,
'stricton' => FALSE,
+ 'db_options' => array(),
+ 'ssl_key' => '',
+ 'ssl_cert' => '',
+ 'ssl_ca' => '',
+ 'ssl_capath' => '',
+ 'ssl_cipher' => '',
'failover' => array(),
'save_queries' => TRUE
);
diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php
index e953db052..26b2a8a09 100644
--- a/system/database/drivers/mysqli/mysqli_driver.php
+++ b/system/database/drivers/mysqli/mysqli_driver.php
@@ -60,6 +60,21 @@ class CI_DB_mysqli_driver extends CI_DB {
public $dbdriver = 'mysqli';
/**
+ * Database options list
+ *
+ * Used to set various database options and values.
+ *
+ * @example http://php.net/manual/en/mysqli.options.php Allows to set options not built-in/handled by CI.
+ *
+ * <code>
+ * array( MYSQLI_OPT_SSL_VERIFY_SERVER_CERT => true );
+ * </code>
+ *
+ * @var array
+ */
+ public $db_options = array();
+
+ /**
* Compression flag
*
* @var bool
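Review bot: The `$db_options` docblock uses `@example` with a URL, while the other properties added in this commit use `@see` for the php.net link; `@see http://php.net/manual/en/mysqli.options.php` would be consistent. The docblock should also say that each key is a mysqli option constant and that every pair is passed to `$mysqli->options()` before `real_connect()`, which is what the connect hunk does. That loop does not check the return value of `options()`, so a mistyped or unsupported key (including the `MYSQLI_OPT_SSL_VERIFY_SERVER_CERT` example shown here) would be dropped silently.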
@@ -86,6 +101,51 @@ class CI_DB_mysqli_driver extends CI_DB {
*/
public $stricton = FALSE;
+ /**
+ * The path name to the key file.
+ *
+ * @see http://php.net/manual/en/mysqli.ssl-set.php Documentation for MySQLi
+ *
+ * @var string
+ */
+ public $ssl_key = '';
+
+ /**
+ * The path name to the certificate file.
+ *
+ * @see http://php.net/manual/en/mysqli.ssl-set.php Documentation for MySQLi
+ *
+ * @var string
+ */
+ public $ssl_cert = '';
+
+ /**
+ * The path name to the certificate authority file.
+ *
+ * @see http://php.net/manual/en/mysqli.ssl-set.php Documentation for MySQLi
+ *
+ * @var string
+ */
+ public $ssl_ca = '';
+
+ /**
+ * The pathname to a directory that contains trusted SSL CA certificates in PEM format.
+ *
+ * @see http://php.net/manual/en/mysqli.ssl-set.php Documentation for MySQLi
+ *
+ * @var string
+ */
+ public $ssl_capath = '';
+
+ /**
+ * A list of allowable ciphers to use for SSL encryption.
+ *
+ * @see http://php.net/manual/en/mysqli.ssl-set.php Documentation for MySQLi
+ *
+ * @var string
+ */
+ public $ssl_cipher = '';
+
// --------------------------------------------------------------------
/**
@@ -132,8 +192,46 @@ class CI_DB_mysqli_driver extends CI_DB {
$mysqli->options(MYSQLI_INIT_COMMAND, 'SET SESSION sql_mode="STRICT_ALL_TABLES"');
}
- return $mysqli->real_connect($hostname, $this->username, $this->password, $this->database, $port, $socket, $client_flags)
- ? $mysqli : FALSE;
+ foreach ($this->db_options AS $key => $value)
+ {
+ $mysqli->options($key, $value);
+ }
+
+ if ($this->encrypt === TRUE)
+ {
+ $mysqli->ssl_set($this->ssl_key, $this->ssl_cert, $this->ssl_ca, $this->ssl_capath, $this->ssl_cipher);
+ $client_flags |= MYSQLI_CLIENT_SSL;
+ }
+
+ $connected = @$mysqli->real_connect($hostname, $this->username, $this->password, $this->database, $port, $socket, $client_flags);
+
+ if ($connected)
+ {
+ // If SSL was requested we want to do some checking and log an error if an SSL connection wasn't established.
+ if ($this->encrypt === TRUE)
+ {
+ $res = $mysqli->query("SHOW STATUS LIKE 'ssl_cipher';");
+ $ssl_status = $res->fetch_row();
+
+ if ($ssl_status[1] == '')
+ {
+ log_message('error',
+ "Problem With MySQLi SSL: An SSL connection was requested but the resulting connection is not using SSL!");
+ }
+ }
+
+ return $mysqli;
+ }
+ else
+ {
+ if ($mysqli->connect_errno)
+ {
+ log_message('error',
+ 'msqli connect failed, error: ' . mysqli_connect_error() . " | " . $mysqli->connect_error . " | " . $mysqli->connect_errno);
+ }
+ }
+
+ return FALSE;
}
// --------------------------------------------------------------------
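Review bot: When `encrypt` is TRUE and the post-connect check finds an empty `ssl_cipher`, the new code only logs an error and still returns `$mysqli`, so the application keeps using an unencrypted connection that its configuration asked to refuse; that branch should close the handle and return FALSE. The same check calls `$res->fetch_row()` without testing `$res`, so a failed `SHOW STATUS` query ends in a fatal error instead of a logged one. The check also runs after `real_connect()` has already authenticated, so it can detect a downgrade but presumably cannot stop credentials from crossing a plaintext link; server-certificate verification through `ssl_ca`/`ssl_capath` is what would make the setting enforceable. As a minor point, the failure log prefix reads `msqli`, and the `@` on `real_connect()` suppresses the warning that the log line then rebuilds by hand. The enclosing method starts before this hunk, so its earlier option handling is not visible here.

```php
if ($this->encrypt === TRUE)
{
	$res = $mysqli->query("SHOW STATUS LIKE 'ssl_cipher';");
	$ssl_status = ($res !== FALSE) ? $res->fetch_row() : NULL;

	// Fail closed: no negotiated cipher means the link is not encrypted.
	if (empty($ssl_status[1]))
	{
		// … unchanged: log_message('error', "Problem With MySQLi SSL: ...") …
		$mysqli->close();
		return FALSE;
	}
}
// … unchanged: return $mysqli; connect-failure logging; return FALSE …
```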
diff --git a/user_guide_src/source/database/configuration.rst b/user_guide_src/source/database/configuration.rst
index d21c79e44..510037dba 100644
--- a/user_guide_src/source/database/configuration.rst
+++ b/user_guide_src/source/database/configuration.rst
@@ -30,6 +30,12 @@ prototype::
'encrypt' => FALSE,
'compress' => FALSE,
'stricton' => FALSE,
+ 'db_options' => array(),
+ 'ssl_key' => '',
+ 'ssl_cert' => '',
+ 'ssl_ca' => '',
+ 'ssl_capath' => '',
+ 'ssl_cipher' => '',
'failover' => array()
);
@@ -71,7 +77,13 @@ These failovers can be specified by setting the failover for a connection like t
'swap_pre' => '',
'encrypt' => FALSE,
'compress' => FALSE,
- 'stricton' => FALSE
+ 'stricton' => FALSE,
+ 'db_options' => array(),
+ 'ssl_key' => '',
+ 'ssl_cert' => '',
+ 'ssl_ca' => '',
+ 'ssl_capath' => '',
+ 'ssl_cipher' => ''
),
array(
'hostname' => 'localhost2',
@@ -89,7 +101,13 @@ These failovers can be specified by setting the failover for a connection like t
'swap_pre' => '',
'encrypt' => FALSE,
'compress' => FALSE,
- 'stricton' => FALSE
+ 'stricton' => FALSE,
+ 'db_options' => array(),
+ 'ssl_key' => '',
+ 'ssl_cert' => '',
+ 'ssl_ca' => '',
+ 'ssl_capath' => '',
+ 'ssl_cipher' => ''
)
);
@@ -120,6 +138,12 @@ example, to set up a "test" environment you would do this::
'compress' => FALSE,
'encrypt' => FALSE,
'stricton' => FALSE,
+ 'db_options' => array(),
+ 'ssl_key' => '',
+ 'ssl_cert' => '',
+ 'ssl_ca' => '',
+ 'ssl_capath' => '',
+ 'ssl_cipher' => '',
'failover' => array()
);
@@ -186,10 +210,17 @@ Explanation of Values:
::
$db['default']['port'] = 5432;
+
+**db_options** Used to set various database connections options and values. (MySQLi only)
+**ssl_key** The path name to the key file. (MySQLi only)
+**ssl_cert** The path name to the certificate file. (MySQLi only)
+**ssl_ca** The path name to the certificate authority file. (MySQLi only)
+**ssl_capath** The pathname to a directory that contains trusted SSL CA certificates in PEM format. (MySQLi only)
+**ssl_cipher** A list of allowable ciphers to use for SSL encryption. (MySQLi only)
====================== ==================================================================================================
.. note:: Depending on what database platform you are using (MySQL, PostgreSQL,
etc.) not all values will be needed. For example, when using SQLite you
will not need to supply a username or password, and the database name
will be the path to your database file. The information above assumes
- you are using MySQL. \ No newline at end of file
+ you are using MySQL.