Re: [Postfixadmin-devel] MySQL SSL connection

[Lee C. <ja...@le...>]

On 10/02/2016 04:49 PM, Christian Boltz wrote:
> Hello,
> 
> Am Sonntag, 18. September 2016, 17:21:43 CEST schrieb Lee Clemens:
>> Is it possible to create a MySQL connection using SSL? It doesn't seem
>> the config options will be passed on to the underlying MySQL client
>> library.
> 
> No, we don't have code for that.
> 
> If you want to implement it yourself, have a look at functions.inc.php, 
> function db_connect().
> 
> I can't promise that we'll add this to the official code [1], but you'll 
> increase the chance if you send a patch ;-)
> 
> 
> Regards,
> 
> Christian Boltz
> 
> [1] I'd guess that most people connect to a MySQL server running on 
>     localhost, which makes SSL superfluous.
> 

Thank you for the reply and direction to the best function to look at.

I made some changes to use the mysqli_real_connect function, so there may be some compatibility concerns for really old version of php (<5)?

I tested it using database_ssl_ca, but ssl_set is a standard function and visibly appears to be passing in the other arguments correctly.

The database_port is also defined now, defaults to 3306, since it is an argument provided to mysqli_real_connect (was not previously configurable, iirc).

I believe the value for postgres will still be overridden in the $CONF array if:
// $CONF['database_port'] = '5432';
is uncommented in config.inc.php (further down from the new declaration I added).

The only performance impact should be seven additional keys (including the ability to specify the database_port for MySQL) in the default $CONF array and checking a single boolean per call to function db_connect.

Thanks,
Lee Clemens

* I understand it may be an uncommon requirement; I'm moving towards an 'encrypt everything' approach to security and these database connections occur over a shared network (aka 'cloud'...transiting the internet or just a service provider's internal hardware unencrypted).