Add SSL configuration for MySQL

2025-10-26 05:26:17 +00:00 · 2020-05-22 00:22:31 +02:00
parent 1c9c380c8c
commit 3195dd0db0
2 changed files with 30 additions and 0 deletions
--- a/config/database.php
+++ b/config/database.php
@@ -39,6 +39,24 @@ if (!(false === $databaseUrl)) {
    $database = substr($options['path'] ?? '/firefly', 1);
 }

+/*
+ * Get SSL parameters from .env file.
+ */
+$mysql_ssl_ca_dir =  envNonEmpty('MYSQL_SSL_ROOT_CERT_PATH', null);
+$mysql_ssl_ca_file = envNonEmpty('MYSQL_SSL_ROOT_CERT',      null);
+$mysql_ssl_cert =    envNonEmpty('MYSQL_SSL_CERT',           null);
+$mysql_ssl_key =     envNonEmpty('MYSQL_SSL_KEY',            null);
+$mysql_ssl_ciphers = envNonEmpty('MYSQL_SSL_CIPHER',         null);
+$mysql_ssl_verify  = envNonEmpty('MYSQL_SSL_VERIFY',         null);
+
+$mysql_ssl_options = [];
+if ($mysql_ssl_ca_dir  !== null) $mysql_ssl_options[PDO::MYSQL_ATTR_SSL_CAPATH            ] = $mysql_ssl_ca_dir;
+if ($mysql_ssl_ca_file !== null) $mysql_ssl_options[PDO::MYSQL_ATTR_SSL_CA                ] = $mysql_ssl_ca_file;
+if ($mysql_ssl_cert    !== null) $mysql_ssl_options[PDO::MYSQL_ATTR_SSL_CERT              ] = $mysql_ssl_cert;
+if ($mysql_ssl_key     !== null) $mysql_ssl_options[PDO::MYSQL_ATTR_SSL_KEY               ] = $mysql_ssl_key;
+if ($mysql_ssl_ciphers !== null) $mysql_ssl_options[PDO::MYSQL_ATTR_SSL_CIPHER            ] = $mysql_ssl_ciphers;
+if ($mysql_ssl_verify  !== null) $mysql_ssl_options[PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = $mysql_ssl_verify;
+
 return [
    'default'     => envNonEmpty('DB_CONNECTION', 'pgsql'),
    'connections' => [
@@ -60,6 +78,8 @@ return [
            'prefix'      => '',
            'strict'      => true,
            'engine'      => 'InnoDB',
+            'sslmode'     => envNonEmpty('MYSQL_SSL_MODE', 'prefer'),
+            'options'     => $mysql_ssl_options,
        ],
        'pgsql'  => [
            'driver'      => 'pgsql',