A security requirement for Classic developers requires a SSL and certificates to access remote mysql servers. D7 supports passing additional PDO options to database connections in settings.php. But, drush does not allow passing optional driver_options to PDO constructors.

Comments

bdone’s picture

Status: Active » Needs review
FileSize
2.37 KB

this patch adds PDO SSL support

greg.1.anderson’s picture

Seems like a good idea overall, but I am unsure about this line:

+          @mysqli_options($connection, MYSQLI_READ_DEFAULT_FILE, '/etc/mysql/my.cnf');

Is there any way this could be made more cross-platform, e.g. so that it does not just silently fail on Windows?

JWSmith’s picture

Correcting patch. Missing parameter in mysql_connect command.

Also would like to add, that this works for SSL connections on Drupal 6.x as well, but needs the patch here (https://drupal.org/node/1438766#comment-7104986) applied to Drupal 6.x for everything to work correctly.

JWSmith’s picture

That command works in our environment, although it should probably configurable for the path. That portion is only used when dealing with Drupal 6.x.

The patch I linked to in Comment #3, could probably be worked into drush as well, which should make this more usable in a general nature.

https://drupal.org/node/1438766#comment-7104986

moshe weitzman’s picture

Status: Needs review » Needs work

Needs work for the path. In general, I'm not feeling much need for this. Drush has been around for years and noone asked for it. That makes it a pretty far edge case.

deekayen’s picture

I know highlights magazine has needed various MySQL SSL support. I'll see if I can get Angela Gann or her minions to comment as well.

I agree, he patch probably goes nowhere until the my.cnf path is resolved.

moshe weitzman’s picture

deekayen’s picture

Title: Add PDO SSL support to Drush » Add PDO options support to Drush

I think the SSL reasoning for adding this support is misleading. There are a bunch of PDO options you could pass to the connection other than just SSL information. #1309278: Make PDO connection options configurable is one of the related Drupal core issues.

deekayen’s picture

https://gist.github.com/deekayen/5687918 is related, too, but for older Drupal. Just another approach at doing SSL to MySQL.

JWSmith’s picture

Version: 7.x-5.x-dev » 8.x-6.x-dev
Issue tags: +#ssl #mysql #mysqli #pdo
FileSize
3.83 KB

I've attached a reworked patch that will pick up the path for the my.cnf file from the sites settings.php file.

I've submitted a patch for d6.x here - https://drupal.org/node/1438766. This patch would require the patch for D6.x to be applied, or accepted into D6.x core before it would be fully functional.

This patch also enables use of the pdo options array in Drupal 7.x core, which are not currently supported by Drush.

Patch was created against the latest 8.x-6.x-dev branch.

JWSmith’s picture

Status: Needs work » Needs review
FileSize
3.18 KB

Although the current 8.x-6.x (aka Drush 6.0-dev) branch includes minimal support for using PDO options out of the box on Drupal 6.x sites. The above patch will work with both Drupal 7.x and Drupal 6.x sites when using an SSL DB connection.

I've attached a new patch against the latest 8.x-6.x branch.

Edit: This would still need the patch linked to in comment #'s 3/4 to either be applied to Drupal 6.x or merged into D6.x core.

moshe weitzman’s picture

Status: Needs review » Postponed (maintainer needs more info)

this needs more support before it will be considered further.

greg.1.anderson’s picture

Status: Postponed (maintainer needs more info) » Closed (won't fix)
Issue tags: +needs migration

This issue was marked closed (won't fix) because Drush has moved to Github.

If this feature is still desired, you may copy it to our Github project. For best results, create a Pull Request that has been updated for the master branch. Post a link here to the PR, and please also change the status of this issue to closed (duplicate).

Please ask support questions on Drupal Answers.

colan’s picture

Issue summary: View changes
Status: Closed (won't fix) » Closed (duplicate)