From 18787e4f04ccc4b9100c8f7b1fa6c46d6bf2e2f3 Mon Sep 17 00:00:00 2001 From: "bzrmirror%bugzilla.org" Date: Mon, 4 Nov 2013 23:49:36 +0000 Subject: [PATCH] Bug 906191 - Introduce SSL for Bugzilla DB connections for MySQL r=simon, a=glob git-svn-id: svn://10.0.0.236/trunk@265099 18797224-902f-48f8-a5cc-f745e15eee43 --- mozilla/webtools/bugzilla/.bzrrev | 2 +- mozilla/webtools/bugzilla/Bugzilla/DB/Mysql.pm | 12 ++++++++++++ .../bugzilla/Bugzilla/Install/Localconfig.pm | 16 ++++++++++++++++ .../template/en/default/setup/strings.txt.pl | 16 ++++++++++++++++ 4 files changed, 45 insertions(+), 1 deletion(-) diff --git a/mozilla/webtools/bugzilla/.bzrrev b/mozilla/webtools/bugzilla/.bzrrev index 8fdce15eeae..78e4c740caa 100644 --- a/mozilla/webtools/bugzilla/.bzrrev +++ b/mozilla/webtools/bugzilla/.bzrrev @@ -1 +1 @@ -8802 \ No newline at end of file +8803 \ No newline at end of file diff --git a/mozilla/webtools/bugzilla/Bugzilla/DB/Mysql.pm b/mozilla/webtools/bugzilla/Bugzilla/DB/Mysql.pm index 908e127219b..9c636e2b43e 100644 --- a/mozilla/webtools/bugzilla/Bugzilla/DB/Mysql.pm +++ b/mozilla/webtools/bugzilla/Bugzilla/DB/Mysql.pm @@ -58,6 +58,18 @@ sub new { mysql_auto_reconnect => 1, ); + # MySQL SSL options + my ($ssl_ca_file, $ssl_ca_path, $ssl_cert, $ssl_key) = + @$params{qw(db_mysql_ssl_ca_file db_mysql_ssl_ca_path + db_mysql_ssl_client_cert db_mysql_ssl_client_key)}; + if ($ssl_ca_file || $ssl_ca_path || $ssl_cert || $ssl_key) { + $attrs{'mysql_ssl'} = 1; + $attrs{'mysql_ssl_ca_file'} = $ssl_ca_file if $ssl_ca_file; + $attrs{'mysql_ssl_ca_path'} = $ssl_ca_path if $ssl_ca_path; + $attrs{'mysql_ssl_client_cert'} = $ssl_cert if $ssl_cert; + $attrs{'mysql_ssl_client_key'} = $ssl_key if $ssl_key; + } + my $self = $class->db_new({ dsn => $dsn, user => $user, pass => $pass, attrs => \%attrs }); diff --git a/mozilla/webtools/bugzilla/Bugzilla/Install/Localconfig.pm b/mozilla/webtools/bugzilla/Bugzilla/Install/Localconfig.pm index 3fa25372981..d469e13abff 100644 
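Review bot: Setting `mysql_ssl` in the added block in Bugzilla/DB/Mysql.pm does not by itself make the driver check which server it is talking to: nothing here turns on server-certificate verification, so a configured `db_mysql_ssl_ca_file` or `db_mysql_ssl_ca_path` may not be enforced against the server's host name. If the installed DBD::mysql supports it, add `$attrs{'mysql_ssl_verify_server_cert'} = 1 if $ssl_ca_file || $ssl_ca_path;` inside the `if`. Older DBD::mysql releases are reported to treat `mysql_ssl` as best-effort and continue unencrypted when the handshake fails, so it is worth checking after connect that the session is encrypted (for example a non-empty `Ssl_cipher` status variable) and failing otherwise. The block also accepts a client certificate without its key, or the reverse; an early error for that mismatch would avoid a confusing connect failure. `sub new` starts and ends outside this hunk.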
--- a/mozilla/webtools/bugzilla/Bugzilla/Install/Localconfig.pm +++ b/mozilla/webtools/bugzilla/Bugzilla/Install/Localconfig.pm @@ -79,6 +79,22 @@ use constant LOCALCONFIG_VARS => ( name => 'db_check', default => 1, }, + { + name => 'db_mysql_ssl_ca_file', + default => '', + }, + { + name => 'db_mysql_ssl_ca_path', + default => '', + }, + { + name => 'db_mysql_ssl_client_cert', + default => '', + }, + { + name => 'db_mysql_ssl_client_key', + default => '', + }, { name => 'index_html', default => 0, diff --git a/mozilla/webtools/bugzilla/template/en/default/setup/strings.txt.pl b/mozilla/webtools/bugzilla/template/en/default/setup/strings.txt.pl index 63eb3a3fd26..0d572446122 100644 --- a/mozilla/webtools/bugzilla/template/en/default/setup/strings.txt.pl +++ b/mozilla/webtools/bugzilla/template/en/default/setup/strings.txt.pl @@ -196,6 +196,22 @@ blank, then MySQL's compiled-in default will be used. You probably want that. END localconfig_db_user => "Who we connect to the database as.", + localconfig_db_mysql_ssl_ca_file => <<'END', +Path to a PEM file with a list of trusted SSL CA certificates. +The file must be readable by web server user. +END + localconfig_db_mysql_ssl_ca_path => <<'END', +Path to a directory containing trusted SSL CA certificates in PEM format. +Directory and files inside must be readable by the web server user. +END + localconfig_db_mysql_ssl_client_cert => <<'END', +Full path to the client SSL certificate in PEM format we will present to the DB server. +The file must be readable by web server user. +END + localconfig_db_mysql_ssl_client_key => <<'END', +Full path to the private key corresponding to the client SSL certificate. +The file must not be password-protected and must be readable by web server user. +END localconfig_diffpath => <<'END', For the "Difference Between Two Patches" feature to work, we need to know what directory the "diff" bin is in. (You only need to set this if you
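Review bot: The help text for `localconfig_db_mysql_ssl_client_key` in strings.txt.pl asks for an unencrypted private key that the web server user can read, but says nothing about keeping other local accounts out. I would reword its second line to `The file must not be password-protected and should be readable only by the web server user.` None of the four new strings says that leaving them all blank keeps the database connection unencrypted, or that setting only the client certificate and key without a CA gives encryption without authenticating the server; one sentence on `localconfig_db_mysql_ssl_ca_file` would cover both. The heredoc for `localconfig_diffpath` continues outside the hunk.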