Mysqli: Allow secure connections using SSL

The current driver has no option to allow the usage of SSL connections on mysql. I've used the same name params as mysql client. An example of mysql client usage would be: mysql --ssl-ca='path_to_ca.pem' --ssl-cert='path_to_client_cert.pem' --ssl-key='path_to_client_key.pem' refactor secure connection as params remove space add space refactor secure connection rename method rename method docs: add ssl params to use in mysqli driver rename test method refactor method setSecureConnection fix bug add comment to method remove string escaping

Mysqli: Allow secure connections using SSL
The current driver has no option to allow the usage of SSL connections on mysql. I've used the same name params as mysql client. An example of mysql client usage would be: mysql --ssl-ca='path_to_ca.pem' --ssl-cert='path_to_client_cert.pem' --ssl-key='path_to_client_key.pem' refactor secure connection as params remove space add space refactor secure connection rename method rename method docs: add ssl params to use in mysqli driver rename test method refactor method setSecureConnection fix bug add comment to method remove string escaping
78e58376 · Pau · Pau Grau · 51f6934c · 78e58376 · 78e58376
Commit 78e58376 authored Dec 02, 2016 by Pau Committed by Pau Grau Feb 01, 2017
3 changed files
--- a/docs/en/reference/configuration.rst
+++ b/docs/en/reference/configuration.rst
@@ -235,6 +235,11 @@ mysqli
   the database.
 -  ``charset`` (string): The charset used when connecting to the
   database.
+-  ``ssl_key`` (string): The path name to the key file to use for SSL encryption.
+-  ``ssl_cert`` (string): The path name to the certificate file to use for SSL encryption.
+-  ``ssl_ca`` (string): The path name to the certificate authority file to use for SSL encryption.
+-  ``ssl_capath`` (string): The pathname to a directory that contains trusted SSL CA certificates in PEM format.
+-  ``ssl_cipher`` (string): A list of allowable ciphers to use for SSL encryption.
 -  ``driverOptions`` Any supported flags for mysqli found on `http://www.php.net/manual/en/mysqli.real-connect.php`
 pdo\_pgsql

--- a/lib/Doctrine/DBAL/Driver/Mysqli/MysqliConnection.php
+++ b/lib/Doctrine/DBAL/Driver/Mysqli/MysqliConnection.php
@@ -63,6 +63,7 @@ class MysqliConnection implements Connection, PingableConnection, ServerInfoAwar
        $this->_conn = mysqli_init();
+        $this->setSecureConnection($params);
        $this->setDriverOptions($driverOptions);
        set_error_handler(function () {});
@@ -263,4 +264,35 @@ class MysqliConnection implements Connection, PingableConnection, ServerInfoAwar
    {
        return $this->_conn->ping();
    }
+    /**
+     * Establish a secure connection
+     *
+     * @param array $params
+     * @throws MysqliException
+     */
+    private function setSecureConnection(array $params)
+    {
+        if (! isset($params['ssl_key']) &&
+            ! isset($params['ssl_cert']) &&
+            ! isset($params['ssl_ca']) &&
+            ! isset($params['ssl_capath']) &&
+            ! isset($params['ssl_cipher'])
+        ) {
+            return;
+        }
+        if (! isset($params['ssl_key']) || ! isset($params['ssl_cert'])) {
+            $msg = '"ssl_key" and "ssl_cert" parameters are mandatory when using secure connection parameters.';
+            throw new MysqliException($msg);
+        }
+        $this->_conn->ssl_set(
+            $params['ssl_key'],
+            $params['ssl_cert'],
+            $params['ssl_ca']     ?? null,
+            $params['ssl_capath'] ?? null,
+            $params['ssl_cipher'] ?? null
+        );
+    }
 }
--- a/tests/Doctrine/Tests/DBAL/Driver/Mysqli/MysqliConnectionTest.php
+++ b/tests/Doctrine/Tests/DBAL/Driver/Mysqli/MysqliConnectionTest.php
@@ -2,6 +2,8 @@
 namespace Doctrine\Tests\DBAL\Driver\Mysqli;
+use Doctrine\DBAL\Driver\Mysqli\MysqliConnection;
+use Doctrine\DBAL\Driver\Mysqli\MysqliException;
 use Doctrine\Tests\DbalTestCase;
 class MysqliConnectionTest extends DbalTestCase
@@ -21,7 +23,7 @@ class MysqliConnectionTest extends DbalTestCase
        parent::setUp();
-        $this->connectionMock = $this->getMockBuilder('Doctrine\DBAL\Driver\Mysqli\MysqliConnection')
+        $this->connectionMock = $this->getMockBuilder(MysqliConnection::class)
            ->disableOriginalConstructor()
            ->getMockForAbstractClass();
    }
@@ -30,4 +32,35 @@ class MysqliConnectionTest extends DbalTestCase
    {
        $this->assertFalse($this->connectionMock->requiresQueryForServerVersion());
    }
+    /**
+     * @dataProvider secureMissingParamsProvider
+     */
+    public function testThrowsExceptionWhenMissingMandatorySecureParams(array $secureParams)
+    {
+        $this->expectException(MysqliException::class);
+        $msg = '"ssl_key" and "ssl_cert" parameters are mandatory when using secure connection parameters.';
+        $this->expectExceptionMessage($msg);
+        new MysqliConnection($secureParams, 'xxx', 'xxx');
+    }
+    public function secureMissingParamsProvider()
+    {
+        return [
+            [
+                ['ssl_cert' => 'cert.pem']
+            ],
+            [
+                ['ssl_key' => 'key.pem']
+            ],
+            [
+                ['ssl_key' => 'key.pem', 'ssl_ca' => 'ca.pem', 'ssl_capath' => 'xxx', 'ssl_cipher' => 'xxx']
+            ],
+            [
+                ['ssl_ca' => 'ca.pem', 'ssl_capath' => 'xxx', 'ssl_cipher' => 'xxx']
+            ]
+        ];
+    }
 }