Love Fuel?    Donate

FuelPHP Forums

Ask your question about FuelPHP in the appropriate forum, or help others by answering their questions.
Using SSL with PDO MySQL connections
  • ext613ext613
    I didn't see any support for SSL when using PDO and MySQL, un-less I missed something, so I added some additional config fields in the db.php

    return array(
        'default' => array(
            'connection'  => array(
                'dsn'        => 'mysql:host=localhost;dbname=mydb',
                'username'   => 'root',
                'password'   => '',
                'usessl'     => false,
                'sslattributes' => array(
                    \PDO::MYSQL_ATTR_SSL_KEY => 'path_to_ssl_key',
                    \PDO::MYSQL_ATTR_SSL_CERT => 'path_to_ssl_cert',
                    \PDO::MYSQL_ATTR_SSL_CA => 'path_to_ssl_ca',
                ),
            ),
        ),
    );


    Then I overrode the core pdo connection class connect function with this addition:

    if ($usessl && $sslattributes)
    {
        // Add any ssl attributes defined in the config file
        $attrs += $sslattributes;
    }

    Will 2.0 have MySQL over SSL via PDO built-in?

    Cheers
  • HarroHarro
    2.0 only uses PDO, and no longer the native platform drivers. It has the option of passing in custom PDO attributes from the config.

    It does not have anything specific for SSL, so you will need to create two DB definitions, one with and one without the attributes.
  • ext613ext613
    Sounds good, thanks.
  • javixjavix
    Thank you for this, I struggled a bit trying to do the extension of the pdo class, but finally managed to do it.
    Thanks a lot.
    Kind regards.
  • javixjavix
    Hi again,

    If this can help anybody else, for Fuel 1.8 and PHP7.0.19

    This is how I extended the new PDO class:
    [code]
                        if ($this->_config['connection']['usessl'] && $this->_config['connection']['sslattributes'])
                        {
                          // Add any ssl attributes defined in the config file
                          $this->_config['attrs'] += $this->_config['connection']['sslattributes'];
                        }   
    [/code]

    Then the options for the db connection.
    [code]
                              'usessl' => true,
                            'sslattributes' => array(
                              \PDO::MYSQL_ATTR_SSL_KEY => APPPATH.'config/production/certs/client-key.pem',
                              \PDO::MYSQL_ATTR_SSL_CERT => APPPATH.'config/production/certs/client-cert.pem',
                              \PDO::MYSQL_ATTR_SSL_CA => APPPATH.'config/production/certs/server-ca.pem',
                              \PDO::MYSQL_ATTR_SSL_CIPHER => 'DHE-RSA-AES256-SHA',
                              \PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false,
                          ),

    [/code]

    Important is the last constant, in case of self signed SSL certificates (the default when using mysql_ssl_rsa_setup). Works since april 2017.

    Hope this helps.
Add a Comment

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Apply for Membership

Categories

In this Discussion