Skip to content

add SSL connection check option #1107

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
TatevikGr wants to merge 2 commits into
base: release-3.7.0
Choose a base branch
from
Open

add SSL connection check option #1107

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
828df76
add SSL connection check option
tatevikg1 May 6, 2026
a5ef244
Add configuration for ca cert path
tatevikg1 May 13, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 20 additions & 4 deletions public_html/lists/admin/mysqli.inc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,8 @@ if (!function_exists("mysqli_init")) {

function Sql_Connect($host, $user, $password, $database)
{
global $database_port, $database_socket, $database_connection_compression, $database_connection_ssl;
global $database_port, $database_socket, $database_connection_compression;
global $database_connection_ssl, $database_connection_ssl_force, $database_connection_ssl_ca;

if (!$host || !$user) {
header('HTTP/1.0 500 Cannot connect to database');
Expand All @@ -20,10 +21,27 @@ function Sql_Connect($host, $user, $password, $database)
}
$db = mysqli_init();
$compress = empty($database_connection_compression) ? 0 : MYSQLI_CLIENT_COMPRESS;
$secure = empty($database_connection_ssl) ? 0 : MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT;
$secure = 0;
if (!empty($database_connection_ssl)) {
$secure = MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT;
}
if (!empty($database_connection_ssl_force)) {
$secure = MYSQLI_CLIENT_SSL;
}

mysqli_report(MYSQLI_REPORT_OFF);

if (!empty($database_connection_ssl_ca)) {
mysqli_ssl_set(
$db,
null,
null,
realpath($database_connection_ssl_ca),
null,
null
);
}

if (!mysqli_real_connect($db, $host, $user, $password, $database, $database_port, $database_socket, $compress | $secure)) {
$errno = mysqli_connect_errno();

Expand Down Expand Up @@ -427,5 +445,3 @@ function sql_escape($text)
return '';
}
}


9 changes: 8 additions & 1 deletion public_html/lists/config/config_extended.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,9 +38,16 @@
// enable database connection compression
$database_connection_compression = false;

// force database connection to use SSL
// Use SSL/TLS for the database connection.
$database_connection_ssl = false;

// Set to true if MySQL is configured with require_secure_transport=ON.
$database_connection_ssl_force = false;

// If the database user requires SSL, set this to the path
// of the CA certificate used to verify the MySQL server certificate.
$database_connection_ssl_ca = '/path/to/ca.pem';

// if you use multiple installations of phpList you can set this to
// something to identify this one. it will be prepended to email report
// subjects
Expand Down
Loading