summaryrefslogtreecommitdiffstats
path: root/system/database/drivers
diff options
context:
space:
mode:
Diffstat (limited to 'system/database/drivers')
-rw-r--r--system/database/drivers/mysqli/mysqli_driver.php72
1 files changed, 28 insertions, 44 deletions
diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php
index 61a37bd03..82abf4e73 100644
--- a/system/database/drivers/mysqli/mysqli_driver.php
+++ b/system/database/drivers/mysqli/mysqli_driver.php
@@ -86,21 +86,6 @@ class CI_DB_mysqli_driver extends CI_DB {
*/
public $stricton = FALSE;
- /**
- * Used to set various SSL options that can be used when making SSL connections.
- *
- * @see http://php.net/manual/en/mysqli.ssl-set.php Documentation for MySQLi
- *
- * @var array
- */
- public $ssl_options = array(
- "ssl_key" => '', // The path name to the key file.
- "ssl_cert" => '', // The path name to the certificate file.
- "ssl_ca" => '', // The path name to the certificate authority file.
- "ssl_capath" => '', // The pathname to a directory that contains trusted SSL CA certificates in PEM format.
- "ssl_cipher" => '' // A list of allowable ciphers to use for SSL encryption.
- );
-
// --------------------------------------------------------------------
/**
@@ -117,7 +102,6 @@ class CI_DB_mysqli_driver extends CI_DB {
*
* @param bool $persistent
* @return object
- * @todo SSL support
*/
public function db_connect($persistent = FALSE)
{
@@ -147,45 +131,45 @@ class CI_DB_mysqli_driver extends CI_DB {
$mysqli->options(MYSQLI_INIT_COMMAND, 'SET SESSION sql_mode="STRICT_ALL_TABLES"');
}
- if ($this->encrypt === TRUE)
+ if (is_array($this->encrypt))
{
- $ssl_key = array_key_exists('ssl_key', $this->ssl_options) ? $this->ssl_options['ssl_key'] : '';
- $ssl_cert = array_key_exists('ssl_cert', $this->ssl_options) ? $this->ssl_options['ssl_cert'] : '';
- $ssl_ca = array_key_exists('ssl_ca', $this->ssl_options) ? $this->ssl_options['ssl_ca'] : '';
- $ssl_capath = array_key_exists('ssl_capath', $this->ssl_options) ? $this->ssl_options['ssl_capath'] : '';
- $ssl_cipher = array_key_exists('ssl_cipher', $this->ssl_options) ? $this->ssl_options['ssl_cipher'] : '';
-
- $mysqli->ssl_set($ssl_key, $ssl_cert, $ssl_ca, $ssl_capath, $ssl_cipher);
- $client_flags |= MYSQLI_CLIENT_SSL;
+ $ssl = array();
+ empty($this->encrypt['ssl_key']) OR $ssl['key'] = $this->encrypt['ssl_key'];
+ empty($this->encrypt['ssl_cert']) OR $ssl['cert'] = $this->encrypt['ssl_cert'];
+ empty($this->encrypt['ssl_ca']) OR $ssl['ca'] = $this->encrypt['ssl_ca'];
+ empty($this->encrypt['ssl_capath']) OR $ssl['capath'] = $this->encrypt['ssl_capath'];
+ empty($this->encrypt['ssl_cipher']) OR $ssl['cipher'] = $this->encrypt['ssl_cipher'];
+
+ if ( ! empty($ssl))
+ {
+ $client_flags |= MYSQLI_CLIENT_SSL;
+ $mysqli->ssl_set(
+ isset($ssl['key']) ? $ssl['key'] : NULL,
+ isset($ssl['cert']) ? $ssl['cert'] : NULL,
+ isset($ssl['ca']) ? $ssl['ca'] : NULL,
+ isset($ssl['capath']) ? $ssl['capath'] : NULL,
+ isset($ssl['cipher']) ? $ssl['cipher'] : NULL
+ );
+ }
}
- $connected = @$mysqli->real_connect($hostname, $this->username, $this->password, $this->database, $port, $socket, $client_flags);
-
- if ($connected)
+ if ($mysqli->real_connect($hostname, $this->username, $this->password, $this->database, $port, $socket, $client_flags))
{
- // If SSL was requested we want to do some checking and log an error if an SSL connection wasn't established.
- if ($this->encrypt === TRUE)
+ // Prior to version 5.7.3, MySQL silently downgrades to an unencrypted connection if SSL setup fails
+ if (($client_flags & MYSQLI_CLIENT_SSL) && version_compare($mysqli->client_info, '5.7.3', '<='))
{
- $res = $mysqli->query("SHOW STATUS LIKE 'ssl_cipher';");
- $ssl_status = $res->fetch_row();
-
- if ($ssl_status[1] == '')
+ $ssl = $mysqli->query("SHOW STATUS LIKE 'ssl_cipher'")->fetch_row();
+ if (empty($ssl[1]))
{
- log_message('error',
- "Problem With MySQLi SSL: An SSL connection was requested but the resulting connection is not using SSL!");
+ $mysqli->close();
+ $message = 'MySQLi was configured for an SSL connection, but got an unencrypted connection instead!';
+ log_message('error', $message);
+ return ($this->db->db_debug) ? $this->db->display_error($message, '', TRUE) : FALSE;
}
}
return $mysqli;
}
- else
- {
- if ($mysqli->connect_errno)
- {
- log_message('error',
- 'msqli connect failed, error: ' . mysqli_connect_error() . " | " . $mysqli->connect_error . " | " . $mysqli->connect_errno);
- }
- }
return FALSE;
}