Allow disabling MySQL server certificate validation by setting ssl_do_not_verify_server_cert

Signed-off-by: Eric Lippmann <eric.lippmann@icinga.com>
Marian Rainer-Harbach 2018-07-13 19:50:18 +02:00 committed by Eric Lippmann
parent 84e0c0c4fb
commit 5e40405a12
8 changed files with 71 additions and 15 deletions


@ -170,6 +170,18 @@ class DbResourceForm extends Form
)
);
if (isset($formData['use_ssl']) && $formData['use_ssl']) {
if (defined('\PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT')) {
$this->addElement(
'checkbox',
'ssl_do_not_verify_server_cert',
array(
'label' => $this->translate('SSL Do Not Verify Server Certificate'),
'description' => $this->translate(
'Whether to disable verification of the server certificate'
)
)
);
}
$this->addElement(
'text',
'ssl_key',
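Review bot: The checkbox description `'Whether to disable verification of the server certificate'` only restates the label and does not tell the administrator what is given up. With verification off the connection is still encrypted, but the server's identity is no longer checked, so a configured `ssl_ca` no longer protects against an impersonated server. I would extend the description, e.g. `'Whether to disable verification of the server certificate. The connection stays encrypted, but the identity of the server is not checked'`, and update the translation catalog to match. The enclosing method starts and ends outside this hunk.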


@ -3868,3 +3868,11 @@ msgstr "umschalten"
#~ msgid "for"
#~ msgstr "für"
#: ../../../../application/forms/Config/Resource/DbResourceForm.php:176
msgid "SSL Do Not Verify Server Certificate"
msgstr "SSL-Serverzertifikat nicht verifizieren"
#: ../../../../application/forms/Config/Resource/DbResourceForm.php:178
msgid "Whether to disable verification of the server certificate"
msgstr "Die Verifikation des Serverzertifikats deaktivieren"


@ -24,7 +24,7 @@ A Database resource defines a connection to a SQL database which
can contain users and groups to handle authentication and authorization, monitoring data or user preferences.
Option | Description
-------------------------|-----------------------------------------------
------------------------------------|------------
type | **Required.** Specifies the resource type. Must be set to `db`.
db | **Required.** Database type. In most cases `mysql` or `pgsql`.
host | **Required.** Connect to the database server on the given host. For using unix domain sockets, specify `localhost` for MySQL and the path to the unix domain socket directory for PostgreSQL.
@ -33,6 +33,7 @@ username | **Required.** The database username.
password | **Required.** The database password.
dbname | **Required.** The database name.
charset | **Optional.** The character set for the database connection.
ssl\_do\_not\_verify\_server\_cert | **Optional.** Disable validation of the server certificate. Only available for the `mysql` database and on PHP versions > 5.6.
ssl\_cert | **Optional.** The file path to the SSL certificate. Only available for the `mysql` database.
ssl\_key | **Optional.** The file path to the SSL key. Only available for the `mysql` database.
ssl\_ca | **Optional.** The file path to the SSL certificate authority. Only available for the `mysql` database.


@ -185,6 +185,11 @@ class DbConnection implements Selectable, Extensible, Updatable, Reducible, Insp
if ($this->config->ssl_cipher) {
$adapterParamaters['driver_options'][PDO::MYSQL_ATTR_SSL_CIPHER] = $this->config->ssl_cipher;
}
if (defined('PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT')
&& $this->config->ssl_do_not_verify_server_cert
) {
$adapterParamaters['driver_options'][PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = false;
}
}
/*
* Set MySQL server SQL modes to behave as closely as possible to Oracle and PostgreSQL. Note that the
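Review bot: The new branch switches off server authentication for the connection without a comment saying so, and the inverted option name (`ssl_do_not_verify_server_cert` leading to `VERIFY_SERVER_CERT = false`) is easy to misread. I would add a comment above the `if`, for example `// Opt-out only: TLS still encrypts, but the server certificate is not validated.` When the constant is not defined the option is dropped without any message, so the comment should also say that the driver default applies in that case. The same block is repeated in both DbTool hunks. The enclosing method extends beyond this hunk.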


@ -114,6 +114,16 @@ class BackendStep extends Step
. '<td>' . str_repeat('*', strlen($this->data['resourceConfig']['password'])) . '</td>'
. '</tr>';
if (defined('\PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT')
&& isset($this->data['resourceConfig']['ssl_do_not_verify_server_cert'])
&& $this->data['resourceConfig']['ssl_do_not_verify_server_cert']
) {
$resourceHtml .= ''
. '<tr>'
. '<td><strong>' . t('SSL Do Not Verify Server Certificate') . '</strong></td>'
. '<td>' . $this->data['resourceConfig']['ssl_do_not_verify_server_cert'] . '</td>'
. '</tr>';
}
if (isset($this->data['resourceConfig']['ssl_key']) && $this->data['resourceConfig']['ssl_key']) {
$resourceHtml .= ''
.'<tr>'
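Review bot: The value cell `'<td>' . $this->data['resourceConfig']['ssl_do_not_verify_server_cert'] . '</td>'` concatenates the raw form value into the summary markup, which presumably renders as a bare `1`. Since this branch only runs when the value is truthy, a fixed translated string is clearer and keeps form data out of the HTML, e.g. `. '<td>' . t('Yes') . '</td>'`. The same line appears in the ResourceStep section. The enclosing method starts and ends outside the hunk.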


@ -91,6 +91,16 @@ class ResourceStep extends Step
. '<td>' . str_repeat('*', strlen($this->data['dbResourceConfig']['password'])) . '</td>'
. '</tr>';
if (defined('\PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT')
&& isset($this->data['resourceConfig']['ssl_do_not_verify_server_cert'])
&& $this->data['resourceConfig']['ssl_do_not_verify_server_cert']
) {
$dbHtml .= ''
. '<tr>'
. '<td><strong>' . t('SSL Do Not Verify Server Certificate') . '</strong></td>'
. '<td>' . $this->data['resourceConfig']['ssl_do_not_verify_server_cert'] . '</td>'
. '</tr>';
}
if (isset($this->data['dbResourceConfig']['ssl_key']) && $this->data['dbResourceConfig']['ssl_key']) {
$dbHtml .= ''
.'<tr>'
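Review bot: The added condition and value cell read `$this->data['resourceConfig']`, while the surrounding lines of this step read `$this->data['dbResourceConfig']` (the password row above and the `ssl_key` check below). If this step's data has no `resourceConfig` key, which the context suggests, the `isset()` is always false and the setup summary never shows that certificate verification was disabled. The three added lines should use the step's own key, e.g. `&& isset($this->data['dbResourceConfig']['ssl_do_not_verify_server_cert'])`, and likewise for the truthiness test and the `<td>` value. The enclosing method continues outside the hunk.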


@ -280,6 +280,11 @@ class DbTool
if ($this->config['ssl_cipher']) {
$config['driver_options'][PDO::MYSQL_ATTR_SSL_CIPHER] = $this->config['ssl_cipher'];
}
if (defined('PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT')
&& $this->config['ssl_do_not_verify_server_cert']
) {
$config['driver_options'][PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = false;
}
}
$this->zendConn = new Zend_Db_Adapter_Pdo_Mysql($config);
} elseif ($this->config['db'] === 'pgsql') {
@ -330,6 +335,11 @@ class DbTool
if ($this->config['ssl_cipher']) {
$driverOptions[PDO::MYSQL_ATTR_SSL_CIPHER] = $this->config['ssl_cipher'];
}
if (defined('PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT')
&& $this->config['ssl_do_not_verify_server_cert']
) {
$driverOptions[PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = false;
}
}
$this->pdoConn = new PDO(
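Review bot: Both added conditions index `$this->config['ssl_do_not_verify_server_cert']` directly, whereas the summary steps guard the same key with `isset()`. The form only adds the checkbox when the PDO constant is defined and SSL is enabled, so a config array that comes from elsewhere, or was saved before this option existed, may lack the key and raise an undefined-index notice; this is inferred, since the callers are not visible here. Using `&& ! empty($this->config['ssl_do_not_verify_server_cert'])` in both hunks avoids that without changing the result. Both enclosing methods extend beyond the hunks.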