[rt-users] Connecting to remote MySQL via SSL

Alex Vandiver alexmv at bestpractical.com
Thu Jan 29 15:03:41 EST 2015


On Thu, 29 Jan 2015 10:59:27 +0100 Nathan Cutler
<presnypreklad at gmail.com> wrote:
> I have been tasked with migrating our RT database (MySQL) to a remote
> server, connection between RT and the database server must be SSL
> encrypted.
> 
> I see at [1] that DBD::mysql supports SSL, but the RT documentation
> [2] seems to imply that RT only supports SSL with PostgreSQL:
> 
>     $DatabaseRequireSSL
> 
>     If you're using PostgreSQL and have compiled in SSL support, set
> $DatabaseRequireSSL to 1 to turn on SSL communication with the
> database.

From a quick skim of the DBIx::SearchBuilder::Handle code[1], that looks
to add "requiressl=1" to the DSN -- which, even on Pg, doesn't do
anything, since the current form is "sslmode=require"[1].  That option
should die, and be replaced by a more generic one that allows one to
append arbitrary things to the DSN -- particularly as "enabling SSL"
isn't really an on/off bit, as one needs to talk about verification of
the certificate in order for it to provide any security.

> What is the status of out-of-the-box support for SSL with MySQL in RT
> 4.2?

Add a local overlay of RT::Handle::BuildDSN to add the relevant DSN
attributes.  A future release will provide rope to do this without an
overlay.
 - Alex

[1]
https://github.com/bestpractical/dbix-searchbuilder/blob/master/lib/DBIx/SearchBuilder/Handle.pm#L152-L171

[2] https://metacpan.org/pod/DBD::Pg#connect

> Thanks,
> Nathan
> 
> [1] https://metacpan.org/pod/DBD::mysql#mysql_ssl
> [2]
> https://www.bestpractical.com/docs/rt/4.2/RT_Config.html#DatabaseRequireSSL




More information about the rt-users mailing list