Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🐛 Unattended Install: unable to connect to MySQL with TLS #694

Open
wants to merge 6 commits into
base: develop
Choose a base branch
from
Open

🐛 Unattended Install: unable to connect to MySQL with TLS #694

wants to merge 6 commits into from

Conversation

tomrss
Copy link
Contributor

@tomrss tomrss commented Dec 19, 2024

Base information

Question Answer
Related to a SourceForge thead / Another PR / Combodo ticket? No
Type of change? Bug fix

Symptom (bug) / Objective (enhancement)

Unattended install process does not support TLS connections to MySQL.

Reproduction procedure (bug)

  1. On iTop 3.2.0-2 (not related to version)
  2. With PHP 8.3.12 (not related to version)
  3. MySQL instance configured with require_secure_transport=ON
  4. Setup MySQL connections with TLS (config db_tls.enabled and db_tls.ca)
  5. Then launch the setup/unattended-install/unattended-install.php script
  6. Finally, see that the TLS connection to MySQL cannot be established:
Fatal error: Uncaught mysqli_sql_exception: Connections using insecure transport are prohibited while --require_secure_transport=ON. in /var/www/html/setup/unattended-install/unattended-install.php:313

Cause (bug)

TLS connection not implemented in the unattended install script:

iTop/setup/unattended-install/unattended-install.php

Lines 220 to 221 in ea5473a

$oMysqli = new mysqli($sDBServer, $sDBUser, $sDBPwd);
if ($oMysqli->connect_errno)

and

iTop/setup/unattended-install/unattended-install.php

Lines 313 to 314 in ea5473a

$oMysqli = new mysqli($sDBServer, $sDBUser, $sDBPwd);
if (!$oMysqli->connect_errno)

Proposed solution (bug and enhancement)

Add support for TLS connection based on this code in the docs and existing MySQL connection code in the app:

iTop/core/cmdbsource.class.inc.php

Lines 174 to 186 in ea5473a

$oMysqli = new mysqli();
if ($bTlsEnabled)
{
$iFlags = (empty($sTlsCa))
? MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT
: MYSQLI_CLIENT_SSL;
$sTlsCert = null; // not implemented
$sTlsCaPath = null; // not implemented
$sTlsCipher = null; // not implemented
$oMysqli->ssl_set($bTlsEnabled, $sTlsCert, $sTlsCa, $sTlsCaPath, $sTlsCipher);
}
$oMysqli->real_connect($sServer, $sUser, $sPwd, '', $iPort, ini_get("mysqli.default_socket"), $iFlags);

Disclaimer: PHP is not my language, sorry if something is broken or strange! Just let me know and I'll fix it.

Checklist before requesting a review

  • I have performed a self-review of my code
  • I have tested all changes I made on an iTop instance
  • I have added a unit test, otherwise I have explained why I couldn't
  • Is the PR clear and detailed enough so anyone can understand digging in the code?

Hipska
Hipska approved these changes Jan 7, 2025
View reviewed changes
Copy link
Contributor

@Hipska Hipska left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, may as well make use of the return value of the connect method..

setup/unattended-install/unattended-install.php Outdated Show resolved Hide resolved
setup/unattended-install/unattended-install.php Outdated Show resolved Hide resolved
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Hipska Hipska Hipska approved these changes

Assignees
No one assigned
Labels
None yet
Projects
Combodo PRs dashboard
Status: First review needed
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tomrss @Hipska