CODEWITHSUNDEEP
phpmysqlssldoctrinesymfony-1.4
anse
anse

Reputation: 87

Symfony 1.4 connect to mysql via SSL

I need to change an old Symfony 1.4 application so that it's able to connect to mysql via ssl-connection.

I found a lot about this for Symfony >= 2. But unfortunately not for this dusty one.

For validation purposes I already made it work by editing

./apps/frontend/lib/vendor/symfony/lib/plugins/sfDoctrinePlugin/lib/vendor/doctrine/Connection.php

$this->dbh = new PDO($this->options['dsn'], $this->options['username'],
(!$this->options['password'] ? '':$this->options['password']), array(PDO::ATTR_PERSISTENT => true));

to

$this->dbh = new PDO($this->options['dsn'], $this->options['username'],
(!$this->options['password'] ? '':$this->options['password']),  
array(PDO::ATTR_PERSISTENT => true,                           
PDO::MYSQL_ATTR_SSL_KEY  => '/etc/my.cnf.d/ssl/client-key.pem',        
PDO::MYSQL_ATTR_SSL_CERT => '/etc/my.cnf.d/ssl/client-cert.pem',        
PDO::MYSQL_ATTR_SSL_CA   => '/etc/my.cnf.d/ssl/ca-cert.pem'));

But I wonder if this ugly hack is actually the only solution?

Upvotes: 2

Views: 561

Answers (2)

Jack
Jack

Reputation: 103

We found that the attributes array was not working. We had to add an event listener that listened for the doctrine 'doctrine.configure_connection' event and set the properties on the connection directly.

class ProjectConfiguration extends sfProjectConfiguration
{
  public function setup()
  {
       //existing code
       
       $this->dispatcher->connect('doctrine.configure_connection', array(
        'ProjectConfiguration','addConnectionSSL'
       ));  
  }

   static public function addConnectionSSL(sfEvent $event){
     $connection = $event->getParameters()['connection']; 
     /* @var $connection Doctrine_Manager */
     $other = $connection->getOption('other');
     if(!is_array($other)) $other=array();
     $other[PDO::MYSQL_ATTR_SSL_CA] = "PATH_TO_CERT_FILE"; //Set this to actual path. You can also set other properties in the same way.
     $connection->setOption('other',$other);
  }
}

Upvotes: 1

anse
anse

Reputation: 87

It took me a while to see that this connection class is already overwritten (apps/frontend/lib...).

So I only had to make these variables configurable. There is an option in databases.yml configuration called attributes (doctrine::param::attributes). If you pass non-string keys you can get them with getAttribute.

So at least it works (it's inside the try area of connect-method).

$sslOptionKeys = array(PDO::MYSQL_ATTR_SSL_KEY, PDO::MYSQL_ATTR_SSL_CERT, PDO::MYSQL_ATTR_SSL_CA);

foreach($sslOptionKeys as $sslOptionKey) {
   if(array_key_exists($sslOptionKey, $this->pendingAttributes)) {
       $pdoOptions[$sslOptionKey] = $this->getAttribute($sslOptionKey);
   }
}

$this->dbh = new PDO($this->options['dsn'], $this->options['username'],
                     (!$this->options['password'] ? '':$this->options['password']),
                     $pdoOptions);

In databases.yml you will have to type the following (comments help to understand these numbers)

all:
  doctrine:
    class: sfDoctrineDatabase
    param:
      dsn:      mysql:host=localhost;dbname=db
      username: user
      password: pass
      encoding: utf8
      attributes:
        #PDO::MYSQL_ATTR_SSL_KEY
        1010: /etc/my.cnf.d/ssl/client-key.pem
        #PDO::MYSQL_ATTR_SSL_CERT
        1011: /etc/my.cnf.d/ssl/client-cert.pem
        #PDO::MYSQL_ATTR_SSL_CA
        1012: /etc/my.cnf.d/ssl/ca-cert.pem

Upvotes: 1

Related Questions