Introduce SSL for Bugzilla DB connections for MySQL

RESOLVED FIXED in Bugzilla 5.0

Status


Bugzilla
Database
--
enhancement
RESOLVED FIXED
5 years ago
3 years ago

People

(Reporter: Alexander Tereschenko, Assigned: Alexander Tereschenko)

Tracking

Bugzilla 5.0
Bug Flags:
approval +

Details

Attachments

(1 attachment)

(Assignee)

Description

5 years ago
Currently it's not possible to use SSL for Bugzilla MySQL connections, even though MySQL supports that (and I guess MySQL is what the vast majority of Bugzilla installations use). This feature helps to provide defense in depth and make Bugzilla data more secure even in case of a network perimeter breach.

The proposed patch adds this capability and I'm interested in getting your feedback as to the correctness of the approach I took and potential inclusion into mainline.

The patch adds 4 parameters into localconfig, which correspond to DBD::mysql SSL-related parameters + logic into Mysql.pm to apply those parameters to the connection.

As long as localconfig typically includes more generic settings, I was hesitant to use it (after all MySQL is just one of the supported DBs) and was initially thinking about creating an extension instead, which would provide the GUI config page under Administration/Parameters instead of localconfig + introduce the same change into Mysql.pm (or redefine the Mysql.pm::new() within the extension), however that looked even less elegant, so I went the way you see in the patch.

This is tested to apply cleanly & work fine on 4.2.6 and trunk.
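
Added example (not the attached patch and not Bugzilla's own code): a sketch of how four SSL-related settings can be mapped onto DBD::mysql's DSN options, with a check that the resulting session is actually encrypted. The configuration key names, host, file paths and the `BZ_DB_USER`/`BZ_DB_PASS` environment variables are assumptions made for illustration; the `mysql_ssl*` option names are DBD::mysql's.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Map SSL settings (hypothetical key names, not Bugzilla's localconfig names)
# onto DBD::mysql DSN options. TLS is requested only when at least one
# setting is non-empty, so an unconfigured install keeps its plain DSN.
sub mysql_dsn {
    my (%cfg) = @_;
    my $dsn = "dbi:mysql:database=$cfg{db_name};host=$cfg{db_host}";
    my %ssl = (
        mysql_ssl_ca_file     => $cfg{ssl_ca_file},
        mysql_ssl_ca_path     => $cfg{ssl_ca_path},
        mysql_ssl_client_cert => $cfg{ssl_client_cert},
        mysql_ssl_client_key  => $cfg{ssl_client_key},
    );
    my @set = grep { defined $ssl{$_} && length $ssl{$_} } sort keys %ssl;
    return $dsn unless @set;
    return join ';', $dsn, 'mysql_ssl=1', map { $_ . '=' . $ssl{$_} } @set;
}

# Constructed sample configuration; host and paths are placeholders.
my %cfg = (
    db_name         => 'bugs',
    db_host         => 'db.example.internal',
    ssl_ca_file     => '/etc/bugzilla/ssl/ca.pem',
    ssl_ca_path     => '',
    ssl_client_cert => '/etc/bugzilla/ssl/client-cert.pem',
    ssl_client_key  => '/etc/bugzilla/ssl/client-key.pem',
);

my $dsn = mysql_dsn(%cfg);
print "$dsn\n";

# Optional live check (assumed env vars): connect and refuse to continue
# if the server reports no TLS cipher for this session.
if ($ENV{BZ_DB_USER}) {
    require DBI;
    my $dbh = DBI->connect($dsn, $ENV{BZ_DB_USER}, $ENV{BZ_DB_PASS},
                           { RaiseError => 1, PrintError => 0 });
    my (undef, $cipher) =
        $dbh->selectrow_array(q{SHOW SESSION STATUS LIKE 'Ssl_cipher'});
    die "connection is NOT encrypted\n"
        unless defined $cipher && length $cipher;
    print "TLS cipher in use: $cipher\n";
    $dbh->disconnect;
}
```

An empty `Ssl_cipher` value means the session fell back to plaintext, which is the condition worth alerting on after enabling these settings.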
(Assignee)

Comment 1

5 years ago
Created attachment 791475 [details] [diff] [review]
Proposed solution v1

Setting Dave as reviewer as he's the first one in the reviewers list; I apologize if the choice is incorrect, and please reassign or let me know who to ask for a review in this case.
Attachment #791475 - Flags: review?(dkl)

Updated

5 years ago
Attachment #791475 - Flags: review?(dkl) → review?(simon)

Updated

5 years ago
Assignee: database → aleksandr.v.tereschenko
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true

Updated

5 years ago
Attachment #791475 - Flags: review?(simon) → review+

Updated

5 years ago
Flags: approval?
Flags: approval4.4?
Target Milestone: --- → Bugzilla 4.4

Updated

5 years ago
Flags: approval4.4?
Target Milestone: Bugzilla 4.4 → Bugzilla 5.0

Updated

5 years ago
Keywords: relnote
Flags: approval? → approval+

Comment 2

4 years ago
Thank you for the patch.

Committing to: bzr+ssh://bzr.mozilla.org/bugzilla/trunk/                       
modified Bugzilla/DB/Mysql.pm
modified Bugzilla/Install/Localconfig.pm
modified template/en/default/setup/strings.txt.pl
Committed revision 8803.
Status: ASSIGNED → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
(Assignee)

Comment 3

4 years ago
Great, thank you Simon and Byron for the review.

Comment 4

3 years ago
Added to relnotes for 5.0rc1.
Keywords: relnote