Add PostgreSQL SSL options support #829

Merged
merged 4 commits into from Nov 29, 2018
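--- a/DependencyInjection/Configuration.php
+++ b/DependencyInjection/Configuration.php
@@ -226,6 +226,21 @@ private function configureDbalDriverNode(ArrayNodeDefinition $node)
 'If the file exists, the server\'s certificate will be verified to be signed by one of these authorities.'
 )
 ->end()
+->scalarNode('sslcert')
+->info(
+'The path to the SSL client certificate file for PostgreSQL.'
+)
+->end()
+->scalarNode('sslkey')
+->info(
+'The path to the SSL client key file for PostgreSQL.'
+)
+->end()
+->scalarNode('sslcrl')
+->info(
+'The file name of the SSL certificate revocation list for PostgreSQL.'
+)
+->end()
 ->booleanNode('pooled')->info('True to use a pooled server with the oci8/pdo_oracle driver')->end()
 ->booleanNode('MultipleActiveResultSets')->info('Configuring MultipleActiveResultSets for the pdo_sqlsrv driver')->end()
 ->booleanNode('use_savepoints')->info('Use savepoints for nested transactions')->end()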
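Review bot: The `info()` text for `sslcrl` in configureDbalDriverNode leaves out the behaviour an operator most needs to know: as documented for libpq, the revocation list is applied only if the file exists, so a mistyped path leaves revocation checking off without any error. I would word it like the neighbouring `sslrootcert` entry, e.g. `'The file name of the SSL certificate revocation list for PostgreSQL. If the file exists, certificates listed in it are rejected when verifying the server certificate.'`. The `sslkey` text could likewise note that libpq expects the private key file to be readable only by its owner, and the three strings should agree on "path" versus "file name". The function body starts and ends outside this hunk.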
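--- a/Resources/config/schema/doctrine-1.0.xsd
+++ b/Resources/config/schema/doctrine-1.0.xsd
@@ -61,6 +61,9 @@
 <xsd:attribute name="session-mode" type="xsd:string" />
 <xsd:attribute name="sslmode" type="xsd:string" />
 <xsd:attribute name="sslrootcert" type="xsd:string" />
+<xsd:attribute name="sslcert" type="xsd:string" />
+<xsd:attribute name="sslkey" type="xsd:string" />
+<xsd:attribute name="sslcrl" type="xsd:string" />
 <xsd:attribute name="pooled" type="xsd:string" />
 <xsd:attribute name="multiple-active-result-sets" type="xsd:string" />
 <xsd:attribute name="connectstring" type="xsd:string" />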
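--- a/Resources/doc/configuration.rst
+++ b/Resources/doc/configuration.rst
@@ -67,6 +67,18 @@ Configuration Reference
 # If the file exists, the server's certificate will be verified to be signed by one of these authorities.
 sslrootcert: ~
 
+# PostgreSQL specific (LIBPQ-CONNECT-SSLCERT).
+# The name of a file containing the client SSL certificate.
+sslcert: ~
+
+# PostgreSQL specific (LIBPQ-CONNECT-SSLKEY).
+# The name of a file containing the private key for the client SSL certificate.
+sslkey: ~
+
+# PostgreSQL specific (LIBPQ-CONNECT-SSLCRL).
+# The name of a file containing the SSL certificate revocation list (CRL).
+sslcrl: ~
+
 # Oracle specific (SERVER=POOLED). True to use a pooled server with the oci8/pdo_oracle driver
 pooled: ~
 
@@ -157,6 +169,18 @@ Configuration Reference
 # If the file exists, the server's certificate will be verified to be signed by one of these authorities.
 sslrootcert: ~
 
+# PostgreSQL specific (LIBPQ-CONNECT-SSLCERT).
+# The name of a file containing the client SSL certificate.
+sslcert: ~
+
+# PostgreSQL specific (LIBPQ-CONNECT-SSLKEY).
+# The name of a file containing the private key for the client SSL certificate.
+sslkey: ~
+
+# PostgreSQL specific (LIBPQ-CONNECT-SSLCRL).
+# The name of a file containing the SSL certificate revocation list (CRL).
+sslcrl: ~
+
 # Oracle specific (SERVER=POOLED). True to use a pooled server with the oci8/pdo_oracle driver
 pooled: ~
 
@@ -205,6 +229,18 @@ Configuration Reference
 # If the file exists, the server's certificate will be verified to be signed by one of these authorities.
 sslrootcert: ~
 
+# PostgreSQL specific (LIBPQ-CONNECT-SSLCERT).
+# The name of a file containing the client SSL certificate.
+sslcert: ~
+
+# PostgreSQL specific (LIBPQ-CONNECT-SSLKEY).
+# The name of a file containing the private key for the client SSL certificate.
+sslkey: ~
+
+# PostgreSQL specific (LIBPQ-CONNECT-SSLCRL).
+# The name of a file containing the SSL certificate revocation list (CRL).
+sslcrl: ~
+
 # Oracle specific (SERVER=POOLED). True to use a pooled server with the oci8/pdo_oracle driver
 pooled: ~
 
@@ -401,6 +437,9 @@ Configuration Reference
 <!-- server: The name of a running database server to connect to for SQL Anywhere. -->
 <!-- sslmode: Determines whether or with what priority a SSL TCP/IP connection will be negotiated with the server for PostgreSQL. -->
 <!-- sslrootcert: The name of a file containing SSL certificate authority (CA) certificate(s). If the file exists, the server's certificate will be verified to be signed by one of these authorities. -->
+<!-- sslcert: The name of a file containing a client SSL certificate -->
+<!-- sslkey: The name of a file containing the private key used for the client SSL certificate -->
+<!-- sslcrl: The name of a file containing the SSL certificate revocation list (CRL) -->
 <!-- pooled: True to use a pooled server with the oci8/pdo_oracle driver -->
 <!-- MultipleActiveResultSets: Configuring MultipleActiveResultSets for the pdo_sqlsrv driver -->
 <!-- use-savepoints: Enable savepoints for nested transactions -->
@@ -423,6 +462,9 @@ Configuration Reference
 server=""
 sslmode=""
 sslrootcert=""
+sslcert=""
+sslkey=""
+sslcrl=""
 pooled=""
 MultipleActiveResultSets=""
 use-savepoints="true"
@@ -461,6 +503,9 @@ Configuration Reference
 <!-- server: The name of a running database server to connect to for SQL Anywhere. -->
 <!-- sslmode: Determines whether or with what priority a SSL TCP/IP connection will be negotiated with the server for PostgreSQL. -->
 <!-- sslrootcert: The name of a file containing SSL certificate authority (CA) certificate(s). If the file exists, the server's certificate will be verified to be signed by one of these authorities. -->
+<!-- sslcert: The name of a file containing a client SSL certificate -->
+<!-- sslkey: The name of a file containing the private key used for the client SSL certificate -->
+<!-- sslcrl: The name of a file containing the SSL certificate revocation list (CRL) -->
 <!-- pooled: True to use a pooled server with the oci8/pdo_oracle driver -->
 <!-- MultipleActiveResultSets: Configuring MultipleActiveResultSets for the pdo_sqlsrv driver -->
 <doctrine:slave
@@ -482,6 +527,9 @@ Configuration Reference
 server=""
 sslmode=""
 sslrootcert=""
+sslcert=""
+sslkey=""
+sslcrl=""
 pooled=""
 MultipleActiveResultSets=""
 />
@@ -497,6 +545,9 @@ Configuration Reference
 <!-- server: The name of a running database server to connect to for SQL Anywhere. -->
 <!-- sslmode: Determines whether or with what priority a SSL TCP/IP connection will be negotiated with the server for PostgreSQL. -->
 <!-- sslrootcert: The name of a file containing SSL certificate authority (CA) certificate(s). If the file exists, the server's certificate will be verified to be signed by one of these authorities. -->
+<!-- sslcert: The name of a file containing a client SSL certificate -->
+<!-- sslkey: The name of a file containing the private key used for the client SSL certificate -->
+<!-- sslcrl: The name of a file containing the SSL certificate revocation list (CRL) -->
 <!-- pooled: True to use a pooled server with the oci8/pdo_oracle driver -->
 <!-- MultipleActiveResultSets: Configuring MultipleActiveResultSets for the pdo_sqlsrv driver -->
 <doctrine:shard
@@ -518,6 +569,9 @@ Configuration Reference
 server=""
 sslmode=""
 sslrootcert=""
+sslcert=""
+sslkey=""
+sslcrl=""
 pooled=""
 MultipleActiveResultSets=""
 />
@@ -898,6 +952,9 @@ can configure. The following block shows all possible configuration keys:
 sessionMode: 2 # oci8 driver specific (session_mode)
 sslmode: require # PostgreSQL specific (LIBPQ-CONNECT-SSLMODE)
 sslrootcert: postgresql-ca.pem # PostgreSQL specific (LIBPQ-CONNECT-SSLROOTCERT)
+sslcert: postgresql-cert.pem # PostgreSQL specific (LIBPQ-CONNECT-SSLCERT)
+sslkey: postgresql-key.pem # PostgreSQL specific (LIBPQ-CONNECT-SSLKEY)
+sslcrl: postgresql.crl # PostgreSQL specific (LIBPQ-CONNECT-SSLCRL)
 wrapper_class: MyDoctrineDbalConnectionWrapper
 charset: UTF8
 logging: "%kernel.debug%"
@@ -944,6 +1001,9 @@ can configure. The following block shows all possible configuration keys:
 sessionMode"2" <!-- oci8 driver specific (session_mode) -->
 sslmode="require" <!-- PostgreSQL specific (LIBPQ-CONNECT-SSLMODE) -->
 sslrootcert="postgresql-ca.pem" <!-- PostgreSQL specific (LIBPQ-CONNECT-SSLROOTCERT) -->
+sslcert="postgresql-cert.pem" <!-- PostgreSQL specific (LIBPQ-CONNECT-SSLCERT) -->
+sslkey="postgresql-key.pem" <!-- PostgreSQL specific (LIBPQ-CONNECT-SSLKEY) -->
+sslcrl="postgresql.crl" <!-- PostgreSQL specific (LIBPQ-CONNECT-SSLCRL) -->
 wrapper-class="MyDoctrineDbalConnectionWrapper"
 charset="UTF8"
 logging="%kernel.debug%"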
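--- a/Tests/DependencyInjection/AbstractDoctrineExtensionTest.php
+++ b/Tests/DependencyInjection/AbstractDoctrineExtensionTest.php
@@ -68,6 +68,9 @@ public function testDbalLoadFromXmlMultipleConnections()
 $this->assertSame('pgsql_s3cr3t', $config['password']);
 $this->assertSame('require', $config['sslmode']);
 $this->assertSame('postgresql-ca.pem', $config['sslrootcert']);
+$this->assertSame('postgresql-cert.pem', $config['sslcert']);
+$this->assertSame('postgresql-key.pem', $config['sslkey']);
+$this->assertSame('postgresql.crl', $config['sslcrl']);
 $this->assertSame('utf8', $config['charset']);
 
 // doctrine.dbal.sqlanywhere_connection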
@@ -47,6 +47,9 @@
password="pgsql_s3cr3t"
sslmode="require"
sslrootcert="postgresql-ca.pem"
sslcert="postgresql-cert.pem"
sslkey="postgresql-key.pem"
sslcrl="postgresql.crl"
charset="utf8" />
<connection
name="sqlanywhere"
@@ -36,6 +36,9 @@ doctrine:
password: pgsql_s3cr3t
sslmode: require
sslrootcert: postgresql-ca.pem
sslcert: postgresql-cert.pem
sslkey: postgresql-key.pem
sslcrl: postgresql.crl
charset: utf8
sqlanywhere:
driver: sqlanywhere