From a0f1872e4978304a3b096ce90ee539c5e481b4f2 Mon Sep 17 00:00:00 2001
From: Tim Nolte
Date: Fri, 5 Jun 2015 13:40:18 -0400
Subject: Updated the MySQLi driver to provide support for SSL connections as well as additional database connection options. Uses the DB_driver class encrypt option as the flag for turning on encryption. Also added SSL connection validation with error logging in order to provide users a way to know if they are actually connecting via SSL.
Signed-off-by: Tim Nolte
---
 system/database/drivers/mysqli/mysqli_driver.php | 92 +++++++++++++++++++++++-
 1 file changed, 90 insertions(+), 2 deletions(-)
diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php
index e953db052..dd4a9c460 100644
--- a/system/database/drivers/mysqli/mysqli_driver.php
+++ b/system/database/drivers/mysqli/mysqli_driver.php
@@ -59,6 +59,21 @@ class CI_DB_mysqli_driver extends CI_DB {
  */
 public $dbdriver = 'mysqli';
+ /**
+ * Database options list
+ *
+ * Used to set various database options and values.
+ *
+ * @example http://php.net/manual/en/mysqli.options.php Allows to set options not built-in/handled by CI.
+ *
+ *
+ * array( MYSQLI_OPT_SSL_VERIFY_SERVER_CERT => true );
+ *
+ *
+ * @var array
+ */
+ public $db_options = array();
+
 /**
 * Compression flag
 *
@@ -86,6 +101,41 @@ class CI_DB_mysqli_driver extends CI_DB {
  */
 public $stricton = FALSE;
+ /**
+ * @see http://php.net/manual/en/mysqli.ssl-set.php Documentation for MySQLi
+ *
+ * @var string
+ */
+ public $ssl_key = '';
+
+ /**
+ * @see http://php.net/manual/en/mysqli.ssl-set.php Documentation for MySQLi
+ *
+ * @var string
+ */
+ public $ssl_cert = '';
+
+ /**
+ * @see http://php.net/manual/en/mysqli.ssl-set.php Documentation for MySQLi
+ *
+ * @var string
+ */
+ public $ssl_ca = '';
+
+ /**
+ * @see http://php.net/manual/en/mysqli.ssl-set.php Documentation for MySQLi
+ *
+ * @var string
+ */
+ public $ssl_capath = '';
+
+ /**
+ * @see http://php.net/manual/en/mysqli.ssl-set.php Documentation for MySQLi
+ *
+ * @var string
+ */
+ public $ssl_cipher = '';
+
 // --------------------------------------------------------------------
 /**
@@ -132,8 +182,46 @@ class CI_DB_mysqli_driver extends CI_DB {
 $mysqli->options(MYSQLI_INIT_COMMAND, 'SET SESSION sql_mode="STRICT_ALL_TABLES"');
 }
- return $mysqli->real_connect($hostname, $this->username, $this->password, $this->database, $port, $socket, $client_flags)
- ? $mysqli : FALSE;
+ foreach ($this->db_options AS $key => $value)
+ {
+ $mysqli->options($key, $value);
+ }
+
+ if ($this->encrypt === TRUE)
+ {
+ $mysqli->ssl_set($this->ssl_key, $this->ssl_cert, $this->ssl_ca, $this->ssl_capath, $this->ssl_cipher);
+ $client_flags |= MYSQLI_CLIENT_SSL;
+ }
+
+ $connected = @$mysqli->real_connect($hostname, $this->username, $this->password, $this->database, $port, $socket, $client_flags);
+
+ if ($connected)
+ {
+ // If SSL was requested we want to do some checking and log an error if an SSL connection wasn't established.
+ if ($this->encrypt === TRUE)
+ {
+ $res = $mysqli->query("SHOW STATUS LIKE 'ssl_cipher';");
+ $ssl_status = $res->fetch_row();
+
+ if ($ssl_status[1] == '')
+ {
+ log_message('error',
+ "Problem With MySQLi SSL: An SSL connection was requested but the resulting connection is not using SSL!");
+ }
+ }
+
+ return $mysqli;
+ }
+ else
+ {
+ if ($mysqli->connect_errno)
+ {
+ log_message('error',
+ 'msqli connect failed, error: ' . mysqli_connect_error() . " | " . $mysqli->connect_error . " | " . $mysqli->connect_errno);
+ }
+ }
+
+ return FALSE;
 }
 // --------------------------------------------------------------------
-- cgit v1.2.3-24-g4f1b
From c09ab9d2b31a6c1d60a8db3970dd56feceee9415 Mon Sep 17 00:00:00 2001
From: Tim Nolte
Date: Mon, 8 Jun 2015 10:40:26 -0400
Subject: Fixed missing MySQLi driver parameter DOCBLOCK descriptions. Updated database configuration documentation to include a list of the new MySQLi driver parameters.
Signed-off-by: Tim Nolte
---
 system/database/drivers/mysqli/mysqli_driver.php | 10 ++++++++++
 user_guide_src/source/database/configuration.rst | 9 ++++++++-
 2 files changed, 18 insertions(+), 1 deletion(-)
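Review bot: When `encrypt` is TRUE and the `SHOW STATUS LIKE 'ssl_cipher'` value comes back empty, the new code logs the problem but still returns `$mysqli`, so the application carries on over a plaintext link it explicitly asked to be encrypted (the authentication exchange has already happened on it by then); the connection should be closed and `FALSE` returned, matching the failed-connect path below. `$res` is also used unchecked — `$mysqli->query()` returns FALSE on failure and `$res->fetch_row()` on FALSE is a fatal error — and the comparison should be `$ssl_status[1] === ''` rather than `== ''`. The `$mysqli->options($key, $value)` calls driven by `db_options` ignore the boolean return, so a rejected option such as `MYSQLI_OPT_SSL_VERIFY_SERVER_CERT` passes silently, and the newly added `@` on `real_connect()` hides the warning that would name an SSL setup failure while the error branch only logs when `connect_errno` is non-zero. The failure message also misspells the driver: `'msqli connect failed, error: '`. db_connect()'s signature and the preceding option setup lie above the hunk.
```php
 if ($connected)
 {
 // If SSL was requested, confirm it was negotiated and never hand back a plaintext link in that case.
 if ($this->encrypt === TRUE)
 {
 $res = $mysqli->query("SHOW STATUS LIKE 'ssl_cipher';");
 $ssl_status = ($res !== FALSE) ? $res->fetch_row() : NULL;

 if ( ! isset($ssl_status[1]) OR $ssl_status[1] === '')
 {
 log_message('error',
 "Problem With MySQLi SSL: An SSL connection was requested but the resulting connection is not using SSL!");
 $mysqli->close();
 return FALSE;
 }
 }

 return $mysqli;
 }
 // … unchanged: connect-failure logging and return FALSE …
```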
diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php
index dd4a9c460..26b2a8a09 100644
--- a/system/database/drivers/mysqli/mysqli_driver.php
+++ b/system/database/drivers/mysqli/mysqli_driver.php
@@ -102,6 +102,8 @@ class CI_DB_mysqli_driver extends CI_DB {
 public $stricton = FALSE;
 /**
+ * The path name to the key file.
+ *
 * @see http://php.net/manual/en/mysqli.ssl-set.php Documentation for MySQLi
 *
 * @var string
@@ -109,6 +111,8 @@ class CI_DB_mysqli_driver extends CI_DB {
 public $ssl_key = '';
 /**
+ * The path name to the certificate file.
+ *
 * @see http://php.net/manual/en/mysqli.ssl-set.php Documentation for MySQLi
 *
 * @var string
@@ -116,6 +120,8 @@ class CI_DB_mysqli_driver extends CI_DB {
 public $ssl_cert = '';
 /**
+ * The path name to the certificate authority file.
+ *
 * @see http://php.net/manual/en/mysqli.ssl-set.php Documentation for MySQLi
 *
 * @var string
@@ -123,6 +129,8 @@ class CI_DB_mysqli_driver extends CI_DB {
 public $ssl_ca = '';
 /**
+ * The pathname to a directory that contains trusted SSL CA certificates in PEM format.
+ *
 * @see http://php.net/manual/en/mysqli.ssl-set.php Documentation for MySQLi
 *
 * @var string
@@ -130,6 +138,8 @@ class CI_DB_mysqli_driver extends CI_DB {
 public $ssl_capath = '';
 /**
+ * A list of allowable ciphers to use for SSL encryption.
+ *
 * @see http://php.net/manual/en/mysqli.ssl-set.php Documentation for MySQLi
 *
 * @var string
diff --git a/user_guide_src/source/database/configuration.rst b/user_guide_src/source/database/configuration.rst
index d21c79e44..1d10bc1a6 100644
--- a/user_guide_src/source/database/configuration.rst
+++ b/user_guide_src/source/database/configuration.rst
@@ -186,10 +186,17 @@ Explanation of Values:
 ::
 $db['default']['port'] = 5432;
+
+**db_options** Used to set various database connections options and values. (MySQLi only)
+**ssl_key** The path name to the key file. (MySQLi only)
+**ssl_cert** The path name to the certificate file. (MySQLi only)
+**ssl_ca** The path name to the certificate authority file. (MySQLi only)
+**ssl_capath** The pathname to a directory that contains trusted SSL CA certificates in PEM format. (MySQLi only)
+**ssl_cipher** A list of allowable ciphers to use for SSL encryption. (MySQLi only)
 ====================== ==================================================================================================
 .. note:: Depending on what database platform you are using (MySQL, PostgreSQL, etc.) not all values will be needed. For example, when using SQLite you will not need to supply a username or password, and the database name will be the path to your database file. The information above assumes
- you are using MySQL.
\ No newline at end of file
+ you are using MySQL.
-- cgit v1.2.3-24-g4f1b
From 2ac4177b4b6afc63d594523416c3991d23dddf20 Mon Sep 17 00:00:00 2001
From: Tim Nolte
Date: Mon, 8 Jun 2015 11:02:56 -0400
Subject: Added new MySQLi parameters/info to default database config file. Fixed missing new MySQLi parameters from database configuration documentation examples.
Signed-off-by: Tim Nolte
---
 application/config/database.php | 12 ++++++++++
 user_guide_src/source/database/configuration.rst | 28 ++++++++++++++++++++++--
 2 files changed, 38 insertions(+), 2 deletions(-)
diff --git a/application/config/database.php b/application/config/database.php
index 925b3e504..36ae83dda 100644
--- a/application/config/database.php
+++ b/application/config/database.php
@@ -43,6 +43,12 @@ defined('BASEPATH') OR exit('No direct script access allowed');
 | ['compress'] Whether or not to use client compression (MySQL only)
 | ['stricton'] TRUE/FALSE - forces 'Strict Mode' connections
 | - good for ensuring strict SQL while developing
+| ['db_options'] Used to set various database connections options and values. (MySQLi only)
+| ['ssl_key'] The path name to the key file. (MySQLi only)
+| ['ssl_cert'] The path name to the certificate file. (MySQLi only)
+| ['ssl_ca'] The path name to the certificate authority file. (MySQLi only)
+| ['ssl_capath'] The pathname to a directory that contains trusted SSL CA certificates in PEM format. (MySQLi only)
+| ['ssl_cipher'] A list of allowable ciphers to use for SSL encryption. (MySQLi only)
 | ['failover'] array - A array with 0 or more data for connections if the main should fail.
 | ['save_queries'] TRUE/FALSE - Whether to "save" all executed queries.
 | NOTE: Disabling this will also effectively disable both
@@ -80,6 +86,12 @@ $db['default'] = array(
 'encrypt' => FALSE,
 'compress' => FALSE,
 'stricton' => FALSE,
+ 'db_options' => array(),
+ 'ssl_key' => '',
+ 'ssl_cert' => '',
+ 'ssl_ca' => '',
+ 'ssl_capath' => '',
+ 'ssl_cipher' => '',
 'failover' => array(),
 'save_queries' => TRUE
 );
diff --git a/user_guide_src/source/database/configuration.rst b/user_guide_src/source/database/configuration.rst
index 1d10bc1a6..510037dba 100644
--- a/user_guide_src/source/database/configuration.rst
+++ b/user_guide_src/source/database/configuration.rst
@@ -30,6 +30,12 @@ prototype::
 'encrypt' => FALSE,
 'compress' => FALSE,
 'stricton' => FALSE,
+ 'db_options' => array(),
+ 'ssl_key' => '',
+ 'ssl_cert' => '',
+ 'ssl_ca' => '',
+ 'ssl_capath' => '',
+ 'ssl_cipher' => '',
 'failover' => array()
 );
@@ -71,7 +77,13 @@ These failovers can be specified by setting the failover for a connection like t
 'swap_pre' => '',
 'encrypt' => FALSE,
 'compress' => FALSE,
- 'stricton' => FALSE
+ 'stricton' => FALSE,
+ 'db_options' => array(),
+ 'ssl_key' => '',
+ 'ssl_cert' => '',
+ 'ssl_ca' => '',
+ 'ssl_capath' => '',
+ 'ssl_cipher' => ''
 ),
 array(
 'hostname' => 'localhost2',
@@ -89,7 +101,13 @@ These failovers can be specified by setting the failover for a connection like t
 'swap_pre' => '',
 'encrypt' => FALSE,
 'compress' => FALSE,
- 'stricton' => FALSE
+ 'stricton' => FALSE,
+ 'db_options' => array(),
+ 'ssl_key' => '',
+ 'ssl_cert' => '',
+ 'ssl_ca' => '',
+ 'ssl_capath' => '',
+ 'ssl_cipher' => ''
 )
 );
@@ -120,6 +138,12 @@ example, to set up a "test" environment you would do this::
 'compress' => FALSE,
 'encrypt' => FALSE,
 'stricton' => FALSE,
+ 'db_options' => array(),
+ 'ssl_key' => '',
+ 'ssl_cert' => '',
+ 'ssl_ca' => '',
+ 'ssl_capath' => '',
+ 'ssl_cipher' => '',
 'failover' => array()
 );
-- cgit v1.2.3-24-g4f1b
From ced557b99cec159a3ad36e497819b8da7f70cd1e Mon Sep 17 00:00:00 2001
From: Tim Nolte
Date: Thu, 18 Jun 2015 15:28:43 -0400
Subject: Removed db_options configuration item for implementation later. Changed 5 new MySQLi SSL configuration options to a single ssl_options config item that is an array that will be read to set the individual SSL options.
Signed-off-by: Tim Nolte
---
 application/config/database.php | 7 +--
 system/database/drivers/mysqli/mysqli_driver.php | 76 +++++-------------------
 user_guide_src/source/database/configuration.rst | 35 ++---------
 3 files changed, 22 insertions(+), 96 deletions(-)
diff --git a/application/config/database.php b/application/config/database.php
index 26353cfb2..7baab3fd5 100644
--- a/application/config/database.php
+++ b/application/config/database.php
@@ -86,12 +86,7 @@ $db['default'] = array(
 'encrypt' => FALSE,
 'compress' => FALSE,
 'stricton' => FALSE,
- 'db_options' => array(),
- 'ssl_key' => '',
- 'ssl_cert' => '',
- 'ssl_ca' => '',
- 'ssl_capath' => '',
- 'ssl_cipher' => '',
+ 'ssl_options' => array(),
 'failover' => array(),
 'save_queries' => TRUE
 );
diff --git a/system/database/drivers/mysqli/mysqli_driver.php b/system/database/drivers/mysqli/mysqli_driver.php
index 26b2a8a09..61a37bd03 100644
--- a/system/database/drivers/mysqli/mysqli_driver.php
+++ b/system/database/drivers/mysqli/mysqli_driver.php
@@ -59,21 +59,6 @@ class CI_DB_mysqli_driver extends CI_DB {
  */
 public $dbdriver = 'mysqli';
- /**
- * Database options list
- *
- * Used to set various database options and values.
- *
- * @example http://php.net/manual/en/mysqli.options.php Allows to set options not built-in/handled by CI.
- *
- *
- * array( MYSQLI_OPT_SSL_VERIFY_SERVER_CERT => true );
- *
- *
- * @var array
- */
- public $db_options = array();
-
 /**
 * Compression flag
 *
@@ -102,49 +87,19 @@ class CI_DB_mysqli_driver extends CI_DB {
 public $stricton = FALSE;
 /**
- * The path name to the key file.
+ * Used to set various SSL options that can be used when making SSL connections.
 *
 * @see http://php.net/manual/en/mysqli.ssl-set.php Documentation for MySQLi
 *
- * @var string
- */
- public $ssl_key = '';
-
- /**
- * The path name to the certificate file.
- *
- * @see http://php.net/manual/en/mysqli.ssl-set.php Documentation for MySQLi
- *
- * @var string
- */
- public $ssl_cert = '';
-
- /**
- * The path name to the certificate authority file.
- *
- * @see http://php.net/manual/en/mysqli.ssl-set.php Documentation for MySQLi
- *
- * @var string
- */
- public $ssl_ca = '';
-
- /**
- * The pathname to a directory that contains trusted SSL CA certificates in PEM format.
- *
- * @see http://php.net/manual/en/mysqli.ssl-set.php Documentation for MySQLi
- *
- * @var string
- */
- public $ssl_capath = '';
-
- /**
- * A list of allowable ciphers to use for SSL encryption.
- *
- * @see http://php.net/manual/en/mysqli.ssl-set.php Documentation for MySQLi
- *
- * @var string
+ * @var array
 */
- public $ssl_cipher = '';
+ public $ssl_options = array(
+ "ssl_key" => '', // The path name to the key file.
+ "ssl_cert" => '', // The path name to the certificate file.
+ "ssl_ca" => '', // The path name to the certificate authority file.
+ "ssl_capath" => '', // The pathname to a directory that contains trusted SSL CA certificates in PEM format.
+ "ssl_cipher" => '' // A list of allowable ciphers to use for SSL encryption.
+ );
 // --------------------------------------------------------------------
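Review bot: The new `ssl_options` docblock names the five keys but not what they mean for the connection's security: `ssl_ca`/`ssl_capath` are the trust anchor that lets the client authenticate the server, and with both left at `''` an `encrypt => TRUE` connection is encrypted but the peer is not verified, which is the case a user reading this property will most likely hit. I would add after the first sentence: ` * Provide 'ssl_ca' or 'ssl_capath' so the server certificate can be checked; without a trust anchor the link is encrypted but the server is not authenticated.` Separately, the array keys are double-quoted (`"ssl_key" => '',`) while the rest of the file uses single quotes for plain strings, so `'ssl_key' => '',` and friends would keep the file consistent; the inline `//` comments could also move into the docblock as a key list, where they are easier to read.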
@@ -192,14 +147,15 @@ class CI_DB_mysqli_driver extends CI_DB {
 $mysqli->options(MYSQLI_INIT_COMMAND, 'SET SESSION sql_mode="STRICT_ALL_TABLES"');
 }
- foreach ($this->db_options AS $key => $value)
- {
- $mysqli->options($key, $value);
- }
-
 if ($this->encrypt === TRUE)
 {
- $mysqli->ssl_set($this->ssl_key, $this->ssl_cert, $this->ssl_ca, $this->ssl_capath, $this->ssl_cipher);
+ $ssl_key = array_key_exists('ssl_key', $this->ssl_options) ? $this->ssl_options['ssl_key'] : '';
+ $ssl_cert = array_key_exists('ssl_cert', $this->ssl_options) ? $this->ssl_options['ssl_cert'] : '';
+ $ssl_ca = array_key_exists('ssl_ca', $this->ssl_options) ? $this->ssl_options['ssl_ca'] : '';
+ $ssl_capath = array_key_exists('ssl_capath', $this->ssl_options) ? $this->ssl_options['ssl_capath'] : '';
+ $ssl_cipher = array_key_exists('ssl_cipher', $this->ssl_options) ? $this->ssl_options['ssl_cipher'] : '';
+
+ $mysqli->ssl_set($ssl_key, $ssl_cert, $ssl_ca, $ssl_capath, $ssl_cipher);
 $client_flags |= MYSQLI_CLIENT_SSL;
 }
diff --git a/user_guide_src/source/database/configuration.rst b/user_guide_src/source/database/configuration.rst
index 510037dba..6f1726ef6 100644
--- a/user_guide_src/source/database/configuration.rst
+++ b/user_guide_src/source/database/configuration.rst
@@ -30,12 +30,7 @@ prototype::
 'encrypt' => FALSE,
 'compress' => FALSE,
 'stricton' => FALSE,
- 'db_options' => array(),
- 'ssl_key' => '',
- 'ssl_cert' => '',
- 'ssl_ca' => '',
- 'ssl_capath' => '',
- 'ssl_cipher' => '',
+ 'ssl_options' => array(),
 'failover' => array()
 );
@@ -78,12 +73,7 @@ These failovers can be specified by setting the failover for a connection like t
 'encrypt' => FALSE,
 'compress' => FALSE,
 'stricton' => FALSE,
- 'db_options' => array(),
- 'ssl_key' => '',
- 'ssl_cert' => '',
- 'ssl_ca' => '',
- 'ssl_capath' => '',
- 'ssl_cipher' => ''
+ 'ssl_options' => array()
 ),
 array(
 'hostname' => 'localhost2',
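Review bot: With the `db_options` loop removed there is no longer any path by which a configuration can reach `$mysqli->options()` with `MYSQLI_OPT_SSL_VERIFY_SERVER_CERT`, the one hook the first commit documented for verifying the server certificate, so whether `ssl_ca` is actually enforced now depends entirely on the client library's defaults; if that option is deliberately deferred, the `ssl_options` docblock or the config comment should say so rather than leaving users to assume `encrypt` implies verification. The five `array_key_exists(...) ? ... : ''` lines also hand `''` to `ssl_set()` for keys the user did not configure; the mysqli manual allows NULL for unused parameters, so `$ssl_key = isset($this->ssl_options['ssl_key']) ? $this->ssl_options['ssl_key'] : NULL;` (and likewise for the other four) expresses "not configured" without relying on how an empty string is interpreted. db_connect() starts above and ends below this hunk.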
@@ -102,12 +92,7 @@ These failovers can be specified by setting the failover for a connection like t
 'encrypt' => FALSE,
 'compress' => FALSE,
 'stricton' => FALSE,
- 'db_options' => array(),
- 'ssl_key' => '',
- 'ssl_cert' => '',
- 'ssl_ca' => '',
- 'ssl_capath' => '',
- 'ssl_cipher' => ''
+ 'ssl_options' => array()
 )
 );
@@ -138,12 +123,7 @@ example, to set up a "test" environment you would do this::
 'compress' => FALSE,
 'encrypt' => FALSE,
 'stricton' => FALSE,
- 'db_options' => array(),
- 'ssl_key' => '',
- 'ssl_cert' => '',
- 'ssl_ca' => '',
- 'ssl_capath' => '',
- 'ssl_cipher' => '',
+ 'ssl_options' => array(),
 'failover' => array()
 );
@@ -211,12 +191,7 @@ Explanation of Values:
 $db['default']['port'] = 5432;
-**db_options** Used to set various database connections options and values. (MySQLi only)
-**ssl_key** The path name to the key file. (MySQLi only)
-**ssl_cert** The path name to the certificate file. (MySQLi only)
-**ssl_ca** The path name to the certificate authority file. (MySQLi only)
-**ssl_capath** The pathname to a directory that contains trusted SSL CA certificates in PEM format. (MySQLi only)
-**ssl_cipher** A list of allowable ciphers to use for SSL encryption. (MySQLi only)
+**ssl_options** Used to set various SSL connection options and values.
 ====================== ==================================================================================================
 .. note:: Depending on what database platform you are using (MySQL, PostgreSQL,
-- cgit v1.2.3-24-g4f1b
From 52ec8252a0cf1c57022fabe7a6d1abd0824f1d90 Mon Sep 17 00:00:00 2001
From: Tim Nolte
Date: Thu, 18 Jun 2015 15:33:00 -0400
Subject: Fixed a cleanup miss in the default database config file to follow the recent SSL feature changes.
Signed-off-by: Tim Nolte
---
 application/config/database.php | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/application/config/database.php b/application/config/database.php
index 7baab3fd5..20e66eab2 100644
--- a/application/config/database.php
+++ b/application/config/database.php
@@ -43,12 +43,7 @@ defined('BASEPATH') OR exit('No direct script access allowed');
 | ['compress'] Whether or not to use client compression (MySQL only)
 | ['stricton'] TRUE/FALSE - forces 'Strict Mode' connections
 | - good for ensuring strict SQL while developing
-| ['db_options'] Used to set various database connections options and values. (MySQLi only)
-| ['ssl_key'] The path name to the key file. (MySQLi only)
-| ['ssl_cert'] The path name to the certificate file. (MySQLi only)
-| ['ssl_ca'] The path name to the certificate authority file. (MySQLi only)
-| ['ssl_capath'] The pathname to a directory that contains trusted SSL CA certificates in PEM format. (MySQLi only)
-| ['ssl_cipher'] A list of allowable ciphers to use for SSL encryption. (MySQLi only)
+| ['ssl_options'] Used to set various SSL options that can be used when making SSL connections.
 | ['failover'] array - A array with 0 or more data for connections if the main should fail.
 | ['save_queries'] TRUE/FALSE - Whether to "save" all executed queries.
 | NOTE: Disabling this will also effectively disable both
-- cgit v1.2.3-24-g4f1b