Bug 906191 - Introduce SSL for Bugzilla DB connections for MySQL

r=simon, a=glob git-svn-id: svn://10.0.0.236/trunk@265099 18797224-902f-48f8-a5cc-f745e15eee43
2013-11-04 23:49:36 +00:00 · 2013-11-04 23:49:36 +00:00 · 18787e4f04
commit 18787e4f04
parent 5b69391177
4 changed files with 45 additions and 1 deletions
--- a/mozilla/webtools/bugzilla/.bzrrev
+++ b/mozilla/webtools/bugzilla/.bzrrev
@ -1 +1 @@
-8802
+8803
--- a/mozilla/webtools/bugzilla/Bugzilla/DB/Mysql.pm
+++ b/mozilla/webtools/bugzilla/Bugzilla/DB/Mysql.pm
@ -58,6 +58,18 @@ sub new {
        mysql_auto_reconnect => 1,
    );
    
+    # MySQL SSL options
+    my ($ssl_ca_file, $ssl_ca_path, $ssl_cert, $ssl_key) =
+        @$params{qw(db_mysql_ssl_ca_file db_mysql_ssl_ca_path
+                    db_mysql_ssl_client_cert db_mysql_ssl_client_key)};
+    if ($ssl_ca_file || $ssl_ca_path || $ssl_cert || $ssl_key) {
+        $attrs{'mysql_ssl'}             = 1;
+        $attrs{'mysql_ssl_ca_file'}     = $ssl_ca_file if $ssl_ca_file;
+        $attrs{'mysql_ssl_ca_path'}     = $ssl_ca_path if $ssl_ca_path;
+        $attrs{'mysql_ssl_client_cert'} = $ssl_cert    if $ssl_cert;
+        $attrs{'mysql_ssl_client_key'}  = $ssl_key     if $ssl_key;
+    }
+
    my $self = $class->db_new({ dsn => $dsn, user => $user, 
                                pass => $pass, attrs => \%attrs });

--- a/mozilla/webtools/bugzilla/Bugzilla/Install/Localconfig.pm
+++ b/mozilla/webtools/bugzilla/Bugzilla/Install/Localconfig.pm
@ -79,6 +79,22 @@ use constant LOCALCONFIG_VARS => (
        name    => 'db_check',
        default => 1,
    },
+    {
+        name    => 'db_mysql_ssl_ca_file',
+        default => '',
+    },
+    {
+        name    => 'db_mysql_ssl_ca_path',
+        default => '',
+    },
+    {
+        name    => 'db_mysql_ssl_client_cert',
+        default => '',
+    },
+    {
+        name    => 'db_mysql_ssl_client_key',
+        default => '',
+    },
    {
        name    => 'index_html',
        default => 0,
--- a/mozilla/webtools/bugzilla/template/en/default/setup/strings.txt.pl
+++ b/mozilla/webtools/bugzilla/template/en/default/setup/strings.txt.pl
@ -196,6 +196,22 @@ blank, then MySQL's compiled-in default will be used. You probably
 want that.
 END
    localconfig_db_user => "Who we connect to the database as.",
+    localconfig_db_mysql_ssl_ca_file => <<'END',
+Path to a PEM file with a list of trusted SSL CA certificates.
+The file must be readable by web server user.
+END
+    localconfig_db_mysql_ssl_ca_path => <<'END',
+Path to a directory containing trusted SSL CA certificates in PEM format.
+Directory and files inside must be readable by the web server user.
+END
+    localconfig_db_mysql_ssl_client_cert => <<'END',
+Full path to the client SSL certificate in PEM format we will present to the DB server.
+The file must be readable by web server user.
+END
+    localconfig_db_mysql_ssl_client_key => <<'END',
+Full path to the private key corresponding to the client SSL certificate.
+The file must not be password-protected and must be readable by web server user.
+END
    localconfig_diffpath => <<'END',
 For the "Difference Between Two Patches" feature to work, we need to know
 what directory the "diff" bin is in. (You only need to set this if you