From 2ac4177b4b6afc63d594523416c3991d23dddf20 Mon Sep 17 00:00:00 2001 From: Tim Nolte Date: Mon, 8 Jun 2015 11:02:56 -0400 Subject: Added new MySQLi parameters/info to default database config file. Fixed missing new MySQLi parameters from database configuration documentation examples. Signed-off-by: Tim Nolte --- application/config/database.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'application/config/database.php') diff --git a/application/config/database.php b/application/config/database.php index 925b3e504..36ae83dda 100644 --- a/application/config/database.php +++ b/application/config/database.php @@ -43,6 +43,12 @@ defined('BASEPATH') OR exit('No direct script access allowed'); | ['compress'] Whether or not to use client compression (MySQL only) | ['stricton'] TRUE/FALSE - forces 'Strict Mode' connections | - good for ensuring strict SQL while developing +| ['db_options'] Used to set various database connections options and values. (MySQLi only) +| ['ssl_key'] The path name to the key file. (MySQLi only) +| ['ssl_cert'] The path name to the certificate file. (MySQLi only) +| ['ssl_ca'] The path name to the certificate authority file. (MySQLi only) +| ['ssl_capath'] The pathname to a directory that contains trusted SSL CA certificates in PEM format. (MySQLi only) +| ['ssl_cipher'] A list of allowable ciphers to use for SSL encryption. (MySQLi only) | ['failover'] array - A array with 0 or more data for connections if the main should fail. | ['save_queries'] TRUE/FALSE - Whether to "save" all executed queries. | NOTE: Disabling this will also effectively disable both @@ -80,6 +86,12 @@ $db['default'] = array( 'encrypt' => FALSE, 'compress' => FALSE, 'stricton' => FALSE, + 'db_options' => array(), + 'ssl_key' => '', + 'ssl_cert' => '', + 'ssl_ca' => '', + 'ssl_capath' => '', + 'ssl_cipher' => '', 'failover' => array(), 'save_queries' => TRUE ); -- cgit v1.2.3-24-g4f1b From ced557b99cec159a3ad36e497819b8da7f70cd1e Mon Sep 17 00:00:00 2001 From: Tim Nolte Date: Thu, 18 Jun 2015 15:28:43 -0400 Subject: Removed db_options configuration item for implementation later. Changed 5 new MySQLi SSL configuration options to a single ssl_options config item that is an array that will be read to set the individual SSL options. Signed-off-by: Tim Nolte --- application/config/database.php | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'application/config/database.php') diff --git a/application/config/database.php b/application/config/database.php index 26353cfb2..7baab3fd5 100644 --- a/application/config/database.php +++ b/application/config/database.php @@ -86,12 +86,7 @@ $db['default'] = array( 'encrypt' => FALSE, 'compress' => FALSE, 'stricton' => FALSE, - 'db_options' => array(), - 'ssl_key' => '', - 'ssl_cert' => '', - 'ssl_ca' => '', - 'ssl_capath' => '', - 'ssl_cipher' => '', + 'ssl_options' => array(), 'failover' => array(), 'save_queries' => TRUE ); -- cgit v1.2.3-24-g4f1b From 52ec8252a0cf1c57022fabe7a6d1abd0824f1d90 Mon Sep 17 00:00:00 2001 From: Tim Nolte Date: Thu, 18 Jun 2015 15:33:00 -0400 Subject: Fixed a cleanup miss in the default database config file to follow the recent SSL feature changes. Signed-off-by: Tim Nolte --- application/config/database.php | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'application/config/database.php') diff --git a/application/config/database.php b/application/config/database.php index 7baab3fd5..20e66eab2 100644 --- a/application/config/database.php +++ b/application/config/database.php @@ -43,12 +43,7 @@ defined('BASEPATH') OR exit('No direct script access allowed'); | ['compress'] Whether or not to use client compression (MySQL only) | ['stricton'] TRUE/FALSE - forces 'Strict Mode' connections | - good for ensuring strict SQL while developing -| ['db_options'] Used to set various database connections options and values. (MySQLi only) -| ['ssl_key'] The path name to the key file. (MySQLi only) -| ['ssl_cert'] The path name to the certificate file. (MySQLi only) -| ['ssl_ca'] The path name to the certificate authority file. (MySQLi only) -| ['ssl_capath'] The pathname to a directory that contains trusted SSL CA certificates in PEM format. (MySQLi only) -| ['ssl_cipher'] A list of allowable ciphers to use for SSL encryption. (MySQLi only) +| ['ssl_options'] Used to set various SSL options that can be used when making SSL connections. | ['failover'] array - A array with 0 or more data for connections if the main should fail. | ['save_queries'] TRUE/FALSE - Whether to "save" all executed queries. | NOTE: Disabling this will also effectively disable both -- cgit v1.2.3-24-g4f1b From 76e643e7e3ebff679407255f66eafae790912f31 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 16 Jul 2015 13:14:49 +0300 Subject: Refactor proposed changes from PR #3896 --- application/config/database.php | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'application/config/database.php') diff --git a/application/config/database.php b/application/config/database.php index 429b4d48a..656f0c35a 100644 --- a/application/config/database.php +++ b/application/config/database.php @@ -40,6 +40,16 @@ defined('BASEPATH') OR exit('No direct script access allowed'); | Sites using Latin-1 or UTF-8 database character set and collation are unaffected. | ['swap_pre'] A default table prefix that should be swapped with the dbprefix | ['encrypt'] Whether or not to use an encrypted connection. +| +| 'mysql' (deprecated), 'sqlsrv' and 'pdo/sqlsrv' drivers accept TRUE/FALSE +| 'mysqli' driver accepts an array with the following options: +| +| 'ssl_key' - Path to the private key file +| 'ssl_cert' - Path to the public key certificate file +| 'ssl_ca' - Path to the certificate authority file +| 'ssl_capath' - Path to a directory containing trusted CA certificats in PEM format +| 'ssl_cipher' - List of *allowed* ciphers to be used for the encryption +| | ['compress'] Whether or not to use client compression (MySQL only) | ['stricton'] TRUE/FALSE - forces 'Strict Mode' connections | - good for ensuring strict SQL while developing @@ -80,7 +90,6 @@ $db['default'] = array( 'encrypt' => FALSE, 'compress' => FALSE, 'stricton' => FALSE, - 'ssl_options' => array(), 'failover' => array(), 'save_queries' => TRUE ); -- cgit v1.2.3-24-g4f1b From 0785e47152dcb3d3a96c04bc9507eff36a1926c1 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 16 Jul 2015 13:41:55 +0300 Subject: [ci skip] Add note about colon-separated ssl_cipher list --- application/config/database.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'application/config/database.php') diff --git a/application/config/database.php b/application/config/database.php index 656f0c35a..af29acdc7 100644 --- a/application/config/database.php +++ b/application/config/database.php @@ -48,7 +48,7 @@ defined('BASEPATH') OR exit('No direct script access allowed'); | 'ssl_cert' - Path to the public key certificate file | 'ssl_ca' - Path to the certificate authority file | 'ssl_capath' - Path to a directory containing trusted CA certificats in PEM format -| 'ssl_cipher' - List of *allowed* ciphers to be used for the encryption +| 'ssl_cipher' - List of *allowed* ciphers to be used for the encryption, separated by colons (':') | | ['compress'] Whether or not to use client compression (MySQL only) | ['stricton'] TRUE/FALSE - forces 'Strict Mode' connections -- cgit v1.2.3-24-g4f1b From a38b0c45c79f7045d8f322d7727226d3b458956e Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 16 Jul 2015 14:25:25 +0300 Subject: Add SSL support for PDO_MYSQL too Related: #3896 --- application/config/database.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'application/config/database.php') diff --git a/application/config/database.php b/application/config/database.php index af29acdc7..ea345ee79 100644 --- a/application/config/database.php +++ b/application/config/database.php @@ -42,7 +42,7 @@ defined('BASEPATH') OR exit('No direct script access allowed'); | ['encrypt'] Whether or not to use an encrypted connection. | | 'mysql' (deprecated), 'sqlsrv' and 'pdo/sqlsrv' drivers accept TRUE/FALSE -| 'mysqli' driver accepts an array with the following options: +| 'mysqli' and 'pdo/mysql' drivers accept an array with the following options: | | 'ssl_key' - Path to the private key file | 'ssl_cert' - Path to the public key certificate file -- cgit v1.2.3-24-g4f1b From cfc9e77c89ee5377b25e411ef3d8ab43c8900b7e Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 16 Jul 2015 16:17:27 +0300 Subject: Add 'ssl_verify' option for mysqli driver MYSQLI_OPT_SSL_VERIFY_SERVER_CERT is an undocumented option that may not always be available. Reference: http://svn.php.net/viewvc/php/php-src/trunk/ext/mysqli/tests/mysqli_constants.phpt?view=markup&pathrev=302897 --- application/config/database.php | 1 + 1 file changed, 1 insertion(+) (limited to 'application/config/database.php') diff --git a/application/config/database.php b/application/config/database.php index ea345ee79..bf9857fff 100644 --- a/application/config/database.php +++ b/application/config/database.php @@ -49,6 +49,7 @@ defined('BASEPATH') OR exit('No direct script access allowed'); | 'ssl_ca' - Path to the certificate authority file | 'ssl_capath' - Path to a directory containing trusted CA certificats in PEM format | 'ssl_cipher' - List of *allowed* ciphers to be used for the encryption, separated by colons (':') +| 'ssl_verify' - TRUE/FALSE; Whether verify the server certificate or not ('mysqli' only) | | ['compress'] Whether or not to use client compression (MySQL only) | ['stricton'] TRUE/FALSE - forces 'Strict Mode' connections -- cgit v1.2.3-24-g4f1b