Bug 906191 - Introduce SSL for Bugzilla DB connections for MySQL

r=simon, a=glob

Bug 906191 - Introduce SSL for Bugzilla DB connections for MySQL
7241e528 · Alexander Tereschenko · Simon Green · e79ac7a5 · 7241e528 · 7241e528
Commit 7241e528 authored Nov 05, 2013 by Alexander Tereschenko Committed by Simon Green Nov 05, 2013
Hide whitespace changes
Inline Side-by-side

Showing with 44 additions and 0 deletions

Mysql.pm Bugzilla/DB/Mysql.pm +12 -0

Localconfig.pm Bugzilla/Install/Localconfig.pm +16 -0

strings.txt.pl template/en/default/setup/strings.txt.pl +16 -0

No files found.
--- a/Bugzilla/DB/Mysql.pm
+++ b/Bugzilla/DB/Mysql.pm
@@ -58,6 +58,18 @@ sub new {
        mysql_auto_reconnect => 1,
    );
    
+    # MySQL SSL options
+    my ($ssl_ca_file, $ssl_ca_path, $ssl_cert, $ssl_key) =
+        @$params{qw(db_mysql_ssl_ca_file db_mysql_ssl_ca_path
+                    db_mysql_ssl_client_cert db_mysql_ssl_client_key)};
+    if ($ssl_ca_file || $ssl_ca_path || $ssl_cert || $ssl_key) {
+        $attrs{'mysql_ssl'}             = 1;
+        $attrs{'mysql_ssl_ca_file'}     = $ssl_ca_file if $ssl_ca_file;
+        $attrs{'mysql_ssl_ca_path'}     = $ssl_ca_path if $ssl_ca_path;
+        $attrs{'mysql_ssl_client_cert'} = $ssl_cert    if $ssl_cert;
+        $attrs{'mysql_ssl_client_key'}  = $ssl_key     if $ssl_key;
+    }
+
    my $self = $class->db_new({ dsn => $dsn, user => $user, 
                                pass => $pass, attrs => \%attrs });


--- a/Bugzilla/Install/Localconfig.pm
+++ b/Bugzilla/Install/Localconfig.pm
@@ -80,6 +80,22 @@ use constant LOCALCONFIG_VARS => (
        default => 1,
    },
    {
+        name    => 'db_mysql_ssl_ca_file',
+        default => '',
+    },
+    {
+        name    => 'db_mysql_ssl_ca_path',
+        default => '',
+    },
+    {
+        name    => 'db_mysql_ssl_client_cert',
+        default => '',
+    },
+    {
+        name    => 'db_mysql_ssl_client_key',
+        default => '',
+    },
+    {
        name    => 'index_html',
        default => 0,
    },

--- a/template/en/default/setup/strings.txt.pl
+++ b/template/en/default/setup/strings.txt.pl
@@ -196,6 +196,22 @@ blank, then MySQL's compiled-in default will be used. You probably
 want that.
 END
    localconfig_db_user => "Who we connect to the database as.",
+    localconfig_db_mysql_ssl_ca_file => <<'END',
+Path to a PEM file with a list of trusted SSL CA certificates.
+The file must be readable by web server user.
+END
+    localconfig_db_mysql_ssl_ca_path => <<'END',
+Path to a directory containing trusted SSL CA certificates in PEM format.
+Directory and files inside must be readable by the web server user.
+END
+    localconfig_db_mysql_ssl_client_cert => <<'END',
+Full path to the client SSL certificate in PEM format we will present to the DB server.
+The file must be readable by web server user.
+END
+    localconfig_db_mysql_ssl_client_key => <<'END',
+Full path to the private key corresponding to the client SSL certificate.
+The file must not be password-protected and must be readable by web server user.
+END
    localconfig_diffpath => <<'END',
 For the "Difference Between Two Patches" feature to work, we need to know
 what directory the "diff" bin is in. (You only need to set this if you