Added flag to disable server certificate validation via Mysql DSN argument (#6848)

5 years ago · a80c5569ab
parent 6daefc3d45
commit a80c5569ab
3 changed files with 10 additions and 1 deletions
--- a/1
+++ b/1
@ -12,6 +12,7 @@ CHANGELOG Roundcube Webmail
 - installto.sh: Add possibility to run the update even on the up-to-date installation (#6533)
 - Plugin API: Add 'render_folder_selector' hook
 - Added 'keyservers' option to define list of HKP servers for Enigma/Mailvelope (#6326)
+- Added flag to disable server certificate validation via Mysql DSN argument (#6848)
 - Changes in `display_next` setting (#6795):
    - Move it to Preferences > User Interface > Main Options
    - Make it apply to Contacts interface too
--- a/config/defaults.inc.php
+++ b/config/defaults.inc.php
@ -27,8 +27,12 @@ $config = array();
 // Format (compatible with PEAR MDB2): db_provider://user:password@host/database
 // Currently supported db_providers: mysql, pgsql, sqlite, mssql, sqlsrv, oracle
 // For examples see http://pear.php.net/manual/en/package.database.mdb2.intro-dsn.php
-// NOTE: for SQLite use absolute path (Linux): 'sqlite:////full/path/to/sqlite.db?mode=0646'
+// Note: for SQLite use absolute path (Linux): 'sqlite:////full/path/to/sqlite.db?mode=0646'
 //       or (Windows): 'sqlite:///C:/full/path/to/sqlite.db'
+// Note: Various drivers support various additional arguments for connection,
+//       for Mysql: key, cipher, cert, capath, ca, verify_server_cert,
+//       for Postgres: application_name, sslmode, sslcert, sslkey, sslrootcert, sslcrl, sslcompression, service.
+//       e.g. 'mysql://roundcube:@localhost/roundcubemail?verify_server_cert=false'
 $config['db_dsnw'] = 'mysql://roundcube:@localhost/roundcubemail';

 // Database DSN for read-only operations (if empty write database will be used)
--- a/program/lib/Roundcube/db/mysql.php
+++ b/program/lib/Roundcube/db/mysql.php
@ -141,6 +141,10 @@ class rcube_db_mysql extends rcube_db
            $result[PDO::MYSQL_ATTR_SSL_CA] = $dsn['ca'];
        }

+        if (isset($dsn['verify_server_cert'])) {
+            $result[PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = rcube_utils::get_boolean($dsn['verify_server_cert']);
+        }
+
        // Always return matching (not affected only) rows count
        $result[PDO::MYSQL_ATTR_FOUND_ROWS] = true;