CodeIgniter Forums
Possible bug in Connection.php --> Connection to encrypted ssl database - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forum-5.html)
+--- Forum: General Help (https://forum.codeigniter.com/forum-24.html)
+--- Thread: Possible bug in Connection.php --> Connection to encrypted ssl database (/thread-79005.html)



Possible bug in Connection.php --> Connection to encrypted ssl database - fedeburo - 04-07-2021

Hi, i started a thread a few days ago, about having problems with connecting to database encrypted with ssl...
The problem is the following:

I need to make a:
mysqli->ssl_set(null, null,null,....), and then
mysqli_real_connect($mysqli, $hostname,$username, $password, $database, $port,null, MYSQLI_CLIENT_SSL);

The problem is that seeing the documentation, there is not so much information of how to do this (is all done automatically filling the encrypt array of the database configs), so i started dagging into codeigniter libraries...

I found the class that make the connection that is Connection.php, and seeing the code, i realize that it is impossible to gather a connection as i want, because in order to set the clientFlag to MYSQLI_CLIENT_SSL, it is needed that one of the paths of the encrypt part of the database config is fullfill (line 130 if (!empty($ssl)):

$ssl = [];

            empty($this->encrypt['ssl_key'])    || $ssl['key']    = $this->encrypt['ssl_key'];
            empty($this->encrypt['ssl_cert'])   || $ssl['cert']   = $this->encrypt['ssl_cert'];
            empty($this->encrypt['ssl_ca'])     || $ssl['ca']     = $this->encrypt['ssl_ca'];
            empty($this->encrypt['ssl_capath']) || $ssl['capath'] = $this->encrypt['ssl_capath'];
            empty($this->encrypt['ssl_cipher']) || $ssl['cipher'] = $this->encrypt['ssl_cipher'];

            if (! empty($ssl))
            {

         .....


I need to make this type of connection automatically with the driver of mysqli (in other apps that dont use codeigniter is done), without putting any path.
$this->mysqli->ssl_set(
                    $ssl['key'] ?? null$ssl['cert'] ?? null$ssl['ca'] ?? null,
                    $ssl['capath'] ?? null$ssl['cipher'] ?? null
                );
this should also be null, null,null ...

And then the call to:
$this->mysqli->real_connect($hostname$this->username$this->password,
                $this->database$port$socket(should be null)$clientFlags).


I realize that changing the code of Connection.php, the line number 130:

if (! empty($ssl))  --> to if (empty($ssl)) 


or without that if, the connection is done correctly. Is this a bug?

In few words, i want to make an ssl connection with all the params of ssl_set to null so all the paths should be null.

What would be the solution?

this id the Database.php encrypt array that i have:
'encrypt' => array(
            'ssl_ca' => '',
            'ssl_verify' =>false),

  

If i put the real path in 'ssl_ca', this wont work. Is there a way to access to this part of Connection.php, without putting any path? Because the actual mysqli version support making this connections with the paths to NULL.