My primary need for this feature would allow connections from my client web servers by SSL to a separate MySQL server. To do so, the mysql and mysqli drivers require additional client connection parameters which require hacking the core install each time I deploy a site. For the past two years or so, the patch has looked like this.

--- includes/     2011-12-08 08:44:40.478961913 -0500
+++ includes/  2011-12-08 08:56:52.972954928 -0500
@@ -73,7 +73,9 @@
   //   server.
   // - 2 means CLIENT_FOUND_ROWS: return the number of found
   //   (matched) rows, not the number of affected rows.
-  $connection = @mysql_connect($url['host'], $url['user'], $url['pass'], TRUE, 2);
+// begin cgedit
+  $connection = @mysql_connect($url['host'], $url['user'], $url['pass'], TRUE, 2 | MYSQL_CLIENT_SSL);
+// end cgedit
   if (!$connection || !mysql_select_db(substr($url['path'], 1))) {
     // Show error screen otherwise
--- includes/    2011-12-08 08:44:46.975961851 -0500
+++ includes/ 2011-12-08 08:48:41.571959614 -0500
@@ -72,7 +72,11 @@

   $connection = mysqli_init();
-  @mysqli_real_connect($connection, $url['host'], $url['user'], $url['pass'], substr($url['path'], 1), $url['port'], NULL, MYSQLI_CLIENT_FOUND_ROWS);
+  // begin cgedit
+  @mysqli_options($connection, MYSQLI_READ_DEFAULT_FILE, '/etc/mysql/my.cnf');
+  @mysqli_real_connect($connection, $url['host'], $url['user'], $url['pass'], substr($url['path'], 1), $url['port'], NULL, MYSQLI_CLIENT_FOUND_ROWS | MYSQLI_CLIENT_SSL);
+  // end cgedit

   if (mysqli_connect_errno() > 0) {

Rather than maintain this patch for each deployment, I'd like to be able to configure them from each settings.php file.

#3 d6-ssl-477684-3.patch5.56 KBJWSmith
PASSED: [[SimpleTest]]: [MySQL] 190 pass(es). View
#2 d6-ssl-477684-2.patch3.88 KBJWSmith
PASSED: [[SimpleTest]]: [MySQL] 190 pass(es). View
configure-mysql-connection.patch5.43 KBdeekayen
PASSED: [[SimpleTest]]: [MySQL] 190 pass(es). View


deekayen’s picture

I guess I should clarify the state. My concern with the patch the way it is now, is the binary addition. Note in the inline patch, the two client variables are added by a pipe rather than the mathematical plus sign. Passing the pipe style addition in the db_url or doing it somehow in db_get_client_flag() seems more correct to me.

JWSmith’s picture

Status: Needs work » Needs review
3.88 KB
PASSED: [[SimpleTest]]: [MySQL] 190 pass(es). View

This should do it for connecting with the mysql or mysqli modules methods. Configuration is handled with additional global variables added to the settings.php file. Example configuration provided in sites/default/default.settings.php.

JWSmith’s picture

5.56 KB
PASSED: [[SimpleTest]]: [MySQL] 190 pass(es). View

This an enhanced patched created after some discussion on a similar patch I submitted for drush. ( The Drupal 6.x branch would need this patch applied in order for the Drush patch for SSL to work properly with Drupal 6.x sites.

Patch now provides 2 methods of configuring SSL connectivity for mysql. A total of 5 options make up the configuration for the SSL connection.

When using mysql driver, no additional configuration would be needed other than setting "$db_ssl = TRUE;" in the sites settings.php file.

When using the mysqli driver, two (2) configuration options are available.

  1. If you have an my.cnf file already configured with your SSL credentials, then you can simply set the following in your settings.php file.
    $db_ssl = TRUE;
    $db_my_cnf = '/path/to/my.cnf';
  2. Alternatively, you set the path to the certificates separately with:
    $db_ssl = TRUE;
    $db_ssl_ca = '/path/to/ca.crt';
    $db_ssl_key = '/path/to/certificate.key';
    $db_ssl_cert = '/path/to/certificate.crt';

Full documentation is provided in the patch for default.settings.php

Status: Needs review » Closed (outdated)

Automatically closed because Drupal 6 is no longer supported. If the issue verifiably applies to later versions, please reopen with details and update the version.