[wp-trac] [WordPress Trac] #28625: Enhancement: Add constants to support SSL connections for mysqli
WordPress Trac
noreply at wordpress.org
Sat Jun 24 11:39:53 UTC 2023
#28625: Enhancement: Add constants to support SSL connections for mysqli
----------------------------------------+-----------------------------
Reporter: hypertextranch | Owner: (none)
Type: enhancement | Status: assigned
Priority: normal | Milestone: Future Release
Component: Database | Version: 4.0
Severity: normal | Resolution:
Keywords: has-patch needs-unit-tests | Focuses: privacy
----------------------------------------+-----------------------------
Comment (by miahdsl):
Replying to [comment:22 hypertextranch]:
>
> I believe it depends on your server setup, if the system MySQL client
was installed with trusted root certs and your database is using a
key/cert that's signed by a root cert that you trust on the client then
just adding the `MYSQLI_CLIENT_SSL` flag is enough. On modern systems with
more root CAs preinstalled and use of cloud based database services that
configure and install keys signed by common root CAs the need to
explicitly set custom keys/certs/CAs becomes less needed.
>
> This issue / patch was made for a time when things like
https://letsencrypt.org didn't exist and spinning up a database didn't
always come with a cert and might mean needing to generate random self-
signed stuff.
Actually this patch is more pertinent now than you might think.
Specifically, being able to specify a key/cert/ca at the client side
allows the server to reject connections with untrusted certificates. Some
of the cloud hosting environments require a client side key/cert to be
used.
Would very much like to see this rolled into core.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/28625#comment:24>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list