[Koha-bugs] [Bug 36026] Need TLS MySQL Connection Without Mutual Authentication
bugzilla-daemon at bugs.koha-community.org
Thu Feb 8 00:11:47 CET 2024
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36026
--- Comment #1 from David Cook <dcook at prosentient.com.au> ---
I just took a look at Koha/Database.pm and I see what you mean:

    my $tls = $config->get("tls");
    if ($tls && $tls eq 'yes') {
        $dsn .= sprintf(
            ';mysql_ssl=1;mysql_ssl_client_key=%s;mysql_ssl_client_cert=%s;mysql_ssl_ca_file=%s',
            $config->get('key'),
            $config->get('cert'),
            $config->get('ca'),
        );
    }

It would take a bit of digging to figure out why it was set up this way
originally, but it wouldn't be too hard to change this, so that the client
authentication was optional/separate.
My plate is a bit full at the moment, but if someone wanted to take this on...
they'd need to make a Koha::Database::generate_dsn type function and unit test
it with no tls, tls with no client auth, tls with client auth. If they make the
$config object a parameter of the function, then it would be really easy to
unit test.
Ideally, someone would also do an integration test with a MySQL using SSL. It
would be interesting to add that to the Jenkins CI actually.
If no one else does a patch, I could come back to it, but it might be a few weeks
or longer.
I think this is certainly a worthwhile one to do though.
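
An added sketch of the generate_dsn function and the three test cases the comment above proposes; it is not Koha's code and not part of the original comment. The FakeConfig class, the base DSN layout, the 'database'/'hostname'/'port' keys and the sample paths are assumptions; the tls/ca/cert/key keys and the mysql_ssl_* options are the ones quoted from Koha/Database.pm.

```perl
use strict;
use warnings;
use Test::More tests => 4;

# Hypothetical stand-in for Koha's config object; only get() is needed.
package FakeConfig {
    sub new { my ( $class, %v ) = @_; return bless {%v}, $class }
    sub get { my ( $self, $key ) = @_; return $self->{$key} }
}

# Sketch of the proposed function. Taking $config as a parameter keeps it
# free of global state, so each TLS mode can be tested in isolation.
# Assumed: the base DSN layout and the database/hostname/port keys.
sub generate_dsn {
    my ($config) = @_;
    my $dsn = sprintf 'dbi:mysql:database=%s;host=%s;port=%s',
        map { $config->get($_) } qw(database hostname port);

    my $tls = $config->get('tls');
    return $dsn unless $tls && $tls eq 'yes';

    # Server-side TLS: the CA file lets the client check the server's cert.
    $dsn .= ';mysql_ssl=1';
    my $ca = $config->get('ca');
    $dsn .= ";mysql_ssl_ca_file=$ca" if $ca;

    # Client authentication is optional, but a key without a cert (or the
    # reverse) is a misconfiguration: fail instead of silently connecting
    # without the client identity the administrator intended.
    my ( $key, $cert ) = map { $config->get($_) } qw(key cert);
    die "tls: 'key' and 'cert' must be set together\n" if ( $key xor $cert );
    $dsn .= ";mysql_ssl_client_key=$key;mysql_ssl_client_cert=$cert" if $key;
    return $dsn;
}

# Constructed sample values, not taken from any real koha-conf.xml.
my %base  = ( database => 'koha', hostname => 'db.example.test', port => 3306 );
my %tls   = ( %base, tls => 'yes', ca => '/etc/ssl/ca.pem' );
my $plain = 'dbi:mysql:database=koha;host=db.example.test;port=3306';
my $with_ca = "$plain;mysql_ssl=1;mysql_ssl_ca_file=/etc/ssl/ca.pem";

is( generate_dsn( FakeConfig->new(%base) ), $plain, 'no tls' );
is( generate_dsn( FakeConfig->new(%tls) ), $with_ca, 'tls, no client auth' );
is( generate_dsn( FakeConfig->new( %tls, key => '/k.pem', cert => '/c.pem' ) ),
    "$with_ca;mysql_ssl_client_key=/k.pem;mysql_ssl_client_cert=/c.pem",
    'tls with client auth' );
ok( !eval { generate_dsn( FakeConfig->new( %tls, key => '/k.pem' ) ); 1 },
    'key without cert is rejected' );
```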