I need to change an old Symfony 1.4 application so that it’s able to connect to mysql via ssl-connection.
I found a lot about this for Symfony >= 2. But unfortunately not for this dusty one.
For validation purposes I already made it work by editing
./apps/frontend/lib/vendor/symfony/lib/plugins/sfDoctrinePlugin/lib/vendor/doctrine/Connection.php
$this->dbh = new PDO($this->options['dsn'], $this->options['username'], (!$this->options['password'] ? '':$this->options['password']), array(PDO::ATTR_PERSISTENT => true));
to
$this->dbh = new PDO($this->options['dsn'], $this->options['username'], (!$this->options['password'] ? '':$this->options['password']), array(PDO::ATTR_PERSISTENT => true, PDO::MYSQL_ATTR_SSL_KEY => '/etc/my.cnf.d/ssl/client-key.pem', PDO::MYSQL_ATTR_SSL_CERT => '/etc/my.cnf.d/ssl/client-cert.pem', PDO::MYSQL_ATTR_SSL_CA => '/etc/my.cnf.d/ssl/ca-cert.pem'));
But I wonder if this ugly hack is actually the only solution?
Advertisement
Answer
It took me a while to see that this connection class is already overwritten (apps/frontend/lib…).
So I only had to make these variables configurable. There is an option in databases.yml configuration called attributes (doctrine::param::attributes). If you pass non-string keys you can get them with getAttribute.
So at least it works (it’s inside the try area of connect-method).
$sslOptionKeys = array(PDO::MYSQL_ATTR_SSL_KEY, PDO::MYSQL_ATTR_SSL_CERT, PDO::MYSQL_ATTR_SSL_CA); foreach($sslOptionKeys as $sslOptionKey) { if(array_key_exists($sslOptionKey, $this->pendingAttributes)) { $pdoOptions[$sslOptionKey] = $this->getAttribute($sslOptionKey); } } $this->dbh = new PDO($this->options['dsn'], $this->options['username'], (!$this->options['password'] ? '':$this->options['password']), $pdoOptions);
In databases.yml you will have to type the following (comments help to understand these numbers)
all: doctrine: class: sfDoctrineDatabase param: dsn: mysql:host=localhost;dbname=db username: user password: pass encoding: utf8 attributes: #PDO::MYSQL_ATTR_SSL_KEY 1010: /etc/my.cnf.d/ssl/client-key.pem #PDO::MYSQL_ATTR_SSL_CERT 1011: /etc/my.cnf.d/ssl/client-cert.pem #PDO::MYSQL_ATTR_SSL_CA 1012: /etc/my.cnf.d/ssl/ca-cert.pem