[Tickets #7972] SQL SSL support

[bugs at horde.org]

DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/7972
------------------------------------------------------------------------------
  Ticket             | 7972
  Created By         | BryanRJ at gmail.com
  Summary            | SQL SSL support
  Queue              | Horde Framework Packages
  Version            | FRAMEWORK_3
  Type               | Enhancement
  State              | New
  Priority           | 1. Low
  Milestone          |
  Patch              |
  Owners             |
------------------------------------------------------------------------------


BryanRJ at gmail.com (2009-02-11 15:07) wrote:

Horde as it stands cannot make a secured connection to a remote SQL server.

This is an easy feature to implement: mysqli and PEAR DB both support  
it already.  All that needs to be done is changing  
/lib/Horde/Rdo/Adapter/Mysqli.php on line 171 to use mysqli_init,  
mysqli_ssl_set, and mysqli_real_connect (there is already a comment  
there to that effect) and then going through every call to DB::connect  
(such as the one on nag/lib/Driver/sql.php around line 590) in all  
horde applications and changing two things:
a) add a "ca" to _params
b) add "ssl"=>true in the options array passed to DB::connect

So, steps to implement this:
1) Add the user interface to accept a SSL CA against which to verify  
the server (and, if you like, a client cert/key to use) and a checkbox  
for enabling SSL
2) Modify the MySQLi Rdo adaptor to use these options
3) Modify each call to DB::connect to use these options

I completed these steps myself and verified that horde and its  
applications can now access a database where I gave the horde user  
"grant all privileges ... require ssl" permissions.  Previously the  
database connection failed.  All told, this work took twenty minutes,  
although I hardcoded my CA cert instead of actually adding an option  
to conf.php.