dev/core#2726 - Set ssl option when using DSN with SSL

[erawat]

Overview

Refer to issue https://lab.civicrm.org/dev/core/-/issues/2726.

DB::connect() function requires an options array that define ssl=true for mysqli to connect to the CiviCRM database over ssl connection.

This PR adds logic to check if DSN is using SSL then pass the option ssl=true

Before

Exception was thrown when using DSN with SSL to connect the database.

Cannot open mysqli://user:password@local:3306/civicrm_db?new_link=true&ca=%2Fetc%2Fmysql%2Fdatabase-certificate.pem: DB Error: connect failed

After

No error is thrown when using DSN with SSL.

[civicrm-builder]

Can one of the admins verify this patch?

[civibot]

(Standard links)

• If this is your first pull-request for CiviCRM, please browse CONTRIBUTING.md for information about the development and testing processes.
• If you are reviewing this pull-request, you may wish to consult the test sites and the Review Standards (long template, short template).

[seamuslee001]

Jenkins add to white list

[seamuslee001]

Jenkins add to whitelist

[seamuslee001]

this seems fine to me @demeritcowboy do you think this will work in this situation or do we need code more like https://github.com/civicrm/civicrm-core/blob/master/CRM/Core/DAO.php#L202

[demeritcowboy]

This is probably fine I was just going to test it since it's been a year since I last looked at this. In my previous WIP on this I had written a blurb as to why I think this is different from the DAO and why it should NOT do something like the pear static: https://github.com/civicrm/civicrm-core/pull/18125/files

[erawat]

@seamuslee001 @demeritcowboy Is there any other things I could do to get this PR merged?

[demeritcowboy]

Thanks for kickstarting this again. Normally I'd suggest writing a unit test but since the test nodes don't use SSL that won't work. As an alternative you could review someone else's PR.

[demeritcowboy]

• General standards
  • [r-explain] Comment
    • I was a little confused because the lab ticket talks about civicrm-setup and links to an outdated github repo, whereas civi installs fine with mysql ssl if using either cv or for example in drupal enabling from the modules page. Where the problem comes up would most commonly be seen during civi upgrade.
  • [r-user] PASS
  • [r-doc] PASS
  • [r-run] PASS
    • I tested using steps similar to the testing steps described at dev/core#1926 - Allow SSL mysql connections for civicrm-setup #18107 but running a civi upgrade. Before the patch it crashes, after the patch all good.
    • Similarly I tested uninstalling civi from the drupal modules page. Crash before, good after.
• Developer standards
  • [r-tech] PASS
  • [r-code] PASS
  • [r-maint] N/A
  • [r-test] PASS

[jamienovick]

Thanks so much for reviewing @demeritcowboy

[erawat]

• General standards

  • [r-explain] Comment

    • I was a little confused because the lab ticket talks about civicrm-setup and links to an outdated github repo, whereas civi installs fine with mysql ssl if using either cv or for example in drupal enabling from the modules page. Where the problem comes up would most commonly be seen during civi upgrade.

  • [r-user] PASS

  • [r-doc] PASS

  • [r-run] PASS

    • I tested using steps similar to the testing steps described at dev/core#1926 - Allow SSL mysql connections for civicrm-setup #18107 but running a civi upgrade. Before the patch it crashes, after the patch all good.
    • Similarly I tested uninstalling civi from the drupal modules page. Crash before, good after.

• Developer standards

  • [r-tech] PASS
  • [r-code] PASS
  • [r-maint] N/A
  • [r-test] PASS

@demeritcowboy Thank you so much for reviewing and merging this.

just to clarify and for reference on how we could produce the issue with civicrm-setup, as we did not use cv core:install command nor enable civicrm from the drupal page. We programmatically install CiviCRM using Civi/Setup class and we got the issue.

See below a snippet how the installation was done.

  $setup = Setup::instance();
    $model = $setup->getModel();
    $model->cmsBaseUrl = $this->getBaseUrl();
    $model->db = [
      'server' => "{$civiDbSettings['host']}:{$civiDbSettings['port']}",
      'username' => $civiDbSettings['username'],
      'password' => $civiDbSettings['password'],
      'database' => $civiDbSettings['database'],
    ];
   $model->db['ssl_params'] = $sslParams;
   $model->cmsDb['ssl_params'] = $sslParams;
   $setup->installFiles();
   $setup->installDatabase();

[demeritcowboy]

Ok thanks - that's interesting because that's very similar to what cv core:install does. Hmm.