summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--application/config/database.php2
-rw-r--r--system/database/drivers/mysqli/mysqli_driver.php58
-rw-r--r--user_guide_src/source/database/configuration.rst12
3 files changed, 67 insertions, 5 deletions
diff --git a/application/config/database.php b/application/config/database.php
index 84aab9169..429b4d48a 100644
--- a/application/config/database.php
+++ b/application/config/database.php
@@ -43,6 +43,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
| ['compress'] Whether or not to use client compression (MySQL only)
| ['stricton'] TRUE/FALSE - forces 'Strict Mode' connections
| - good for ensuring strict SQL while developing
+| ['ssl_options'] Used to set various SSL options that can be used when making SSL connections.
| ['failover'] array - A array with 0 or more data for connections if the main should fail.
| ['save_queries'] TRUE/FALSE - Whether to "save" all executed queries.
| NOTE: Disabling this will also effectively disable both
@@ -79,6 +80,7 @@ $db['default'] = array(
'encrypt' => FALSE,
'compress' => FALSE,
'stricton' => FALSE,
+ 'ssl_options' => array(),
'failover' => array(),
'save_queries' => TRUE
);
diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php
index e953db052..61a37bd03 100644
--- a/system/database/drivers/mysqli/mysqli_driver.php
+++ b/system/database/drivers/mysqli/mysqli_driver.php
@@ -86,6 +86,21 @@ class CI_DB_mysqli_driver extends CI_DB {
*/
public $stricton = FALSE;
+ /**
+ * Used to set various SSL options that can be used when making SSL connections.
+ *
+ * @see http://php.net/manual/en/mysqli.ssl-set.php Documentation for MySQLi
+ *
+ * @var array
+ */
+ public $ssl_options = array(
+ "ssl_key" => '', // The path name to the key file.
+ "ssl_cert" => '', // The path name to the certificate file.
+ "ssl_ca" => '', // The path name to the certificate authority file.
+ "ssl_capath" => '', // The pathname to a directory that contains trusted SSL CA certificates in PEM format.
+ "ssl_cipher" => '' // A list of allowable ciphers to use for SSL encryption.
+ );
+
// --------------------------------------------------------------------
/**
@@ -132,8 +147,47 @@ class CI_DB_mysqli_driver extends CI_DB {
$mysqli->options(MYSQLI_INIT_COMMAND, 'SET SESSION sql_mode="STRICT_ALL_TABLES"');
}
- return $mysqli->real_connect($hostname, $this->username, $this->password, $this->database, $port, $socket, $client_flags)
- ? $mysqli : FALSE;
+ if ($this->encrypt === TRUE)
+ {
+ $ssl_key = array_key_exists('ssl_key', $this->ssl_options) ? $this->ssl_options['ssl_key'] : '';
+ $ssl_cert = array_key_exists('ssl_cert', $this->ssl_options) ? $this->ssl_options['ssl_cert'] : '';
+ $ssl_ca = array_key_exists('ssl_ca', $this->ssl_options) ? $this->ssl_options['ssl_ca'] : '';
+ $ssl_capath = array_key_exists('ssl_capath', $this->ssl_options) ? $this->ssl_options['ssl_capath'] : '';
+ $ssl_cipher = array_key_exists('ssl_cipher', $this->ssl_options) ? $this->ssl_options['ssl_cipher'] : '';
+
+ $mysqli->ssl_set($ssl_key, $ssl_cert, $ssl_ca, $ssl_capath, $ssl_cipher);
+ $client_flags |= MYSQLI_CLIENT_SSL;
+ }
+
+ $connected = @$mysqli->real_connect($hostname, $this->username, $this->password, $this->database, $port, $socket, $client_flags);
+
+ if ($connected)
+ {
+ // If SSL was requested we want to do some checking and log an error if an SSL connection wasn't established.
+ if ($this->encrypt === TRUE)
+ {
+ $res = $mysqli->query("SHOW STATUS LIKE 'ssl_cipher';");
+ $ssl_status = $res->fetch_row();
+
+ if ($ssl_status[1] == '')
+ {
+ log_message('error',
+ "Problem With MySQLi SSL: An SSL connection was requested but the resulting connection is not using SSL!");
+ }
+ }
+
+ return $mysqli;
+ }
+ else
+ {
+ if ($mysqli->connect_errno)
+ {
+ log_message('error',
+ 'msqli connect failed, error: ' . mysqli_connect_error() . " | " . $mysqli->connect_error . " | " . $mysqli->connect_errno);
+ }
+ }
+
+ return FALSE;
}
// --------------------------------------------------------------------
diff --git a/user_guide_src/source/database/configuration.rst b/user_guide_src/source/database/configuration.rst
index d21c79e44..6f1726ef6 100644
--- a/user_guide_src/source/database/configuration.rst
+++ b/user_guide_src/source/database/configuration.rst
@@ -30,6 +30,7 @@ prototype::
'encrypt' => FALSE,
'compress' => FALSE,
'stricton' => FALSE,
+ 'ssl_options' => array(),
'failover' => array()
);
@@ -71,7 +72,8 @@ These failovers can be specified by setting the failover for a connection like t
'swap_pre' => '',
'encrypt' => FALSE,
'compress' => FALSE,
- 'stricton' => FALSE
+ 'stricton' => FALSE,
+ 'ssl_options' => array()
),
array(
'hostname' => 'localhost2',
@@ -89,7 +91,8 @@ These failovers can be specified by setting the failover for a connection like t
'swap_pre' => '',
'encrypt' => FALSE,
'compress' => FALSE,
- 'stricton' => FALSE
+ 'stricton' => FALSE,
+ 'ssl_options' => array()
)
);
@@ -120,6 +123,7 @@ example, to set up a "test" environment you would do this::
'compress' => FALSE,
'encrypt' => FALSE,
'stricton' => FALSE,
+ 'ssl_options' => array(),
'failover' => array()
);
@@ -186,10 +190,12 @@ Explanation of Values:
::
$db['default']['port'] = 5432;
+
+**ssl_options** Used to set various SSL connection options and values.
====================== ==================================================================================================
.. note:: Depending on what database platform you are using (MySQL, PostgreSQL,
etc.) not all values will be needed. For example, when using SQLite you
will not need to supply a username or password, and the database name
will be the path to your database file. The information above assumes
- you are using MySQL. \ No newline at end of file
+ you are using MySQL.