Fix bug #76809 (SSL settings aren't respected when persistent connection is reused)

author: Fábio Souto <fabio.souto@miniclip.com> 2018-09-03 17:18:37 +0100
committer: Joe Watkins <krakjoe@php.net> 2019-10-03 06:56:21 +0200
commit: 9a2b42a5c1144e6a50c742d6a6d2007828830b24 (patch)
tree: c5af9a98b686a62685372d30d337944912e5c597
parent: 05560b67bc87a2bcbfd5b48a48443a62f3311e7d (diff)
download: php-git-9a2b42a5c1144e6a50c742d6a6d2007828830b24.tar.gz
2 files changed, 57 insertions, 4 deletions
diff --git a/NEWS b/NEWS
index 17d77557bf..550de2e252 100644
--- a/NEWS
+++ b/NEWS
@@ -16,6 +16,10 @@ PHP                                                                        NEWS
   . Fixed bug #78609 (mb_check_encoding() no longer supports stringable
     objects). (cmb)
 
+- MySQLi:
+  . Fixed bug #76809 (SSL settings aren't respected when persistent connections 
+    are used). (fabiomsouto)
+
 - Standard:
   . Fixed bug #76342 (file_get_contents waits twice specified timeout).
     (Thomas Calvet)
diff --git a/ext/mysqli/mysqli_nonapi.c b/ext/mysqli/mysqli_nonapi.c
index bc72c838af..89b605cf87 100644
--- a/ext/mysqli/mysqli_nonapi.c
+++ b/ext/mysqli/mysqli_nonapi.c
@@ -61,10 +61,12 @@ void mysqli_common_connect(INTERNAL_FUNCTION_PARAMETERS, zend_bool is_real_conne
 	MY_MYSQL			*mysql = NULL;
 	MYSQLI_RESOURCE		*mysqli_resource = NULL;
 	zval				*object = getThis();
-	char				*hostname = NULL, *username=NULL, *passwd=NULL, *dbname=NULL, *socket=NULL;
-	size_t					hostname_len = 0, username_len = 0, passwd_len = 0, dbname_len = 0, socket_len = 0;
-	zend_bool			persistent = FALSE;
-	zend_long				port = 0, flags = 0;
+	char				*hostname = NULL, *username=NULL, *passwd=NULL, *dbname=NULL, *socket=NULL,
+						*ssl_key = NULL, *ssl_cert = NULL, *ssl_ca = NULL, *ssl_capath = NULL,
+						*ssl_cipher = NULL;
+	size_t				hostname_len = 0, username_len = 0, passwd_len = 0, dbname_len = 0, socket_len = 0;
+	zend_bool			persistent = FALSE, ssl = FALSE;
+	zend_long			port = 0, flags = 0;
 	zend_string			*hash_key = NULL;
 	zend_bool			new_connection = FALSE;
 	zend_resource		*le;
@@ -189,6 +191,33 @@ void mysqli_common_connect(INTERNAL_FUNCTION_PARAMETERS, zend_bool is_real_conne
 
 								goto end;
 							} else {
+#ifdef MYSQLI_USE_MYSQLND
+								if (mysql->mysql->data->vio->data->ssl) {
+									/* copy over pre-existing ssl settings so we can reuse them when reconnecting */
+									ssl = TRUE;
+
+									ssl_key = my_estrdup(mysql->mysql->data->vio->data->options.ssl_key);
+									ssl_cert = my_estrdup(mysql->mysql->data->vio->data->options.ssl_cert);
+									ssl_ca = my_estrdup(mysql->mysql->data->vio->data->options.ssl_ca);
+									ssl_capath = my_estrdup(mysql->mysql->data->vio->data->options.ssl_capath);
+									ssl_cipher = my_estrdup(mysql->mysql->data->vio->data->options.ssl_cipher);
+								}
+#else
+								if (mysql->mysql->options.ssl_key
+										|| mysql->mysql->options.ssl_cert
+										|| mysql->mysql->options.ssl_ca
+										|| mysql->mysql->options.ssl_capath
+										|| mysql->mysql->options.ssl_cipher) {
+									/* copy over pre-existing ssl settings so we can reuse them when reconnecting */
+									ssl = TRUE;
+
+									ssl_key = my_estrdup(mysql->mysql->options.ssl_key);
+									ssl_cert = my_estrdup(mysql->mysql->options.ssl_cert);
+									ssl_ca = my_estrdup(mysql->mysql->options.ssl_ca);
+									ssl_capath = my_estrdup(mysql->mysql->options.ssl_capath);
+									ssl_cipher = my_estrdup(mysql->mysql->options.ssl_cipher);
+								}
+#endif
 								mysqli_close(mysql->mysql, MYSQLI_CLOSE_IMPLICIT);
 								mysql->mysql = NULL;
 							}
@@ -241,8 +270,28 @@ void mysqli_common_connect(INTERNAL_FUNCTION_PARAMETERS, zend_bool is_real_conne
 	/* BC for prior to bug fix #53425 */
 	flags |= CLIENT_MULTI_RESULTS;
 
+	if (ssl) {
+		/* if we're here, this means previous conn was ssl, repopulate settings */
+		mysql_ssl_set(mysql->mysql, ssl_key, ssl_cert, ssl_ca, ssl_capath, ssl_cipher);
+
+		my_efree(ssl_key);
+		my_efree(ssl_cert);
+		my_efree(ssl_ca);
+		my_efree(ssl_capath);
+		my_efree(ssl_cipher);
+	}
 	if (mysql_real_connect(mysql->mysql, hostname, username, passwd, dbname, port, socket, flags) == NULL)
 #else
+	if (ssl) {
+		/* if we're here, this means previous conn was ssl, repopulate settings */
+		mysql_ssl_set(mysql->mysql, ssl_key, ssl_cert, ssl_ca, ssl_capath, ssl_cipher);
+
+		my_efree(ssl_key);
+		my_efree(ssl_cert);
+		my_efree(ssl_ca);
+		my_efree(ssl_capath);
+		my_efree(ssl_cipher);
+	}
 	if (mysqlnd_connect(mysql->mysql, hostname, username, passwd, passwd_len, dbname, dbname_len,
 						port, socket, flags, MYSQLND_CLIENT_KNOWS_RSET_COPY_DATA) == NULL)
 #endif
author	Fábio Souto <fabio.souto@miniclip.com>	2018-09-03 17:18:37 +0100
committer	Joe Watkins <krakjoe@php.net>	2019-10-03 06:56:21 +0200
commit	9a2b42a5c1144e6a50c742d6a6d2007828830b24 (patch)
tree	c5af9a98b686a62685372d30d337944912e5c597
parent	05560b67bc87a2bcbfd5b48a48443a62f3311e7d (diff)
download	php-git-9a2b42a5c1144e6a50c742d6a6d2007828830b24.tar.gz