$self->{'port'} = C4::Context->config("port");
$self->{'user'} = C4::Context->config("user");
$self->{'password'} = C4::Context->config("pass");
+ $self->{'tls'} = C4::Context->config("tls");
+ if ($self->{'tls'} eq 'yes'){
+ $self->{'ca'} = C4::Context->config('ca');
+ $self->{'cert'} = C4::Context->config('cert');
+ $self->{'key'} = C4::Context->config('key');
+ $self->{'tlsoptions'} = ";mysql_ssl=1;mysql_ssl_client_key=".$self->{key}.";mysql_ssl_client_cert=".$self->{cert}.";mysql_ssl_ca_file=".$self->{ca};
+ $self->{'tlscmdline'} = " --ssl-cert ". $self->{cert} . " --ssl-key " . $self->{key} . " --ssl-ca ".$self->{ca}." "
+ }
$self->{'dbh'} = DBI->connect("DBI:$self->{dbms}:dbname=$self->{dbname};host=$self->{hostname}" .
- ( $self->{port} ? ";port=$self->{port}" : "" ),
+ ( $self->{port} ? ";port=$self->{port}" : "" ).
+ ( $self->{tlsoptions} ? $self->{tlsoptions} : ""),
$self->{'user'}, $self->{'password'});
$self->{'language'} = undef;
$self->{'marcflavour'} = undef;
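Review bot: The `tlsoptions` string sets `mysql_ssl=1` and a CA file but never asks the driver to check the server's identity, so the name in the server certificate is not compared with the host being connected to. DBD::mysql has `mysql_ssl_verify_server_cert=1` for this, and it could be appended to the fragment. Depending on the installed DBD::mysql version, `mysql_ssl=1` alone may not make encryption mandatory, so the minimum driver version is worth documenting beside this block. The three paths are also concatenated straight into the DSN, so a `;` inside a configured path would be parsed as a further DSN attribute; rejecting such paths before building the string avoids that. The same fragment is built in the hunks that set `$tls_options` and `$info{'tlsoptions'}`, and the enclosing sub starts and ends outside this hunk.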
if( $dup_stderr ) {
warn "C4::Installer::load_sql returned the following errors while attempting to load $filename:\n";
$error = $dup_stderr;
-
}
return $error;
my $db_port = $context->config("port") || '';
my $db_user = $context->config("user");
my $db_passwd = $context->config("pass");
+ my $tls = $context->config("tls");
+ my $tls_options;
+ if ($tls eq 'yes'){
+ my $ca = $context->config('ca');
+ my $cert = $context->config('cert');
+ my $key = $context->config('key');
+ $tls_options = ";mysql_ssl=1;mysql_ssl_client_key=".$key.";mysql_ssl_client_cert=".$cert.";mysql_ssl_ca_file=".$ca;
+ }
+
+
my ( %encoding_attr, $encoding_query, $tz_query );
my $tz = $ENV{TZ};
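Review bot: `$tls eq 'yes'` is evaluated even when the configuration has no `tls` entry, which is presumably the case for every koha-conf.xml written before this change. The comparison then runs on undef and, if warnings are enabled, emits an uninitialized-value warning each time this code runs. Guard it, for example `if ( defined $tls && $tls eq 'yes' ) {`. The same unguarded comparison appears in the hunks that set `$self->{'tls'}` and `$info{'tls'}`, and the enclosing sub starts and ends outside this hunk.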
}
my $schema = Koha::Schema->connect(
{
- dsn => "dbi:$db_driver:database=$db_name;host=$db_host;port=$db_port",
+ dsn => "dbi:$db_driver:database=$db_name;host=$db_host;port=$db_port".($tls_options? $tls_options : ""),
user => $db_user,
password => $db_passwd,
%encoding_attr,
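Review bot: `$tls_options` holds `mysql_ssl*` attributes but is appended to the DSN whatever `$db_driver` is. A configuration with `tls` set to `yes` and a non-MySQL driver (the installer's valid `DB_TYPE` values still include `Pg`) would therefore pass attributes that driver does not define. Gate the append on the driver, for example `. ( $db_driver eq 'mysql' && $tls_options ? $tls_options : "" )`, or skip building the fragment for other drivers. The connect call continues past the end of this hunk.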
'DB_NAME' => 'koha',
'DB_USER' => 'kohaadmin',
'DB_PASS' => 'katikoan',
+ 'DB_USE_TLS' => 'no',
+ 'DB_TLS_CA_CERTIFICATE' => '/etc/mysql-ssl/server-ca.pem',
+ 'DB_TLS_CLIENT_CERTIFICATE' => '/etc/mysql-ssl/client-cert.pem',
+ 'DB_TLS_CLIENT_KEY' => '/etc/mysql-ssl/client-key.pem',
'INSTALL_SRU' => 'yes',
'INSTALL_PAZPAR2' => 'no',
'AUTH_INDEX_MODE' => 'dom',
my %valid_config_values = (
'INSTALL_MODE' => { 'standard' => 1, 'single' => 1, 'dev' => 1 },
'DB_TYPE' => { 'mysql' => 1, 'Pg' => 1 },
+ 'DB_USE_TLS' => {'yes', 'no'},
'INSTALL_SRU' => { 'yes' => 1, 'no' => 1 },
'AUTH_INDEX_MODE' => { 'grs1' => 1, 'dom' => 1 },
'BIB_INDEX_MODE' => { 'grs1' => 1, 'dom' => 1 },
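Review bot: `{'yes', 'no'}` builds a one-pair hash whose only key is `yes` (with the value `no`), unlike the neighbouring entries that map each allowed value to 1. `no`, which is also the new default for `DB_USE_TLS`, is therefore not a key and would presumably be rejected by whatever looks answers up in `%valid_config_values`. Write the entry as `'DB_USE_TLS' => { 'yes' => 1, 'no' => 1 },`. The hash literal starts and ends outside this hunk.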
Please specify the name of the database to be
used by Koha);
$config{'DB_NAME'} = _get_value('DB_NAME', $msg, $defaults->{'DB_NAME'}, $valid_values, $install_log_values);
+ if ($config{'DB_TYPE'} eq 'mysql'){
+ $msg = q(
+Please specify whether the connection to MySQL will use TLS
+ );
+ $config{'DB_USE_TLS'} = _get_value('DB_USE_TLS', $msg, $defaults->{'DB_USE_TLS'}, $valid_values, $install_log_values);
+ }
+ if ($config{'DB_USE_TLS'} eq 'yes'){
+ $msg = q(
+Please enter the path to the CA certificate for TLS
+ );
+ $config{'DB_TLS_CA_CERTIFICATE'} = _get_value('DB_TLS_CA_CERTIFICATE', $msg, $defaults->{'DB_TLS_CA_CERTIFICATE'}, $valid_values, $install_log_values);
+
+ $msg = q(
+Please enter the path to the client certificate for TLS
+ );
+ $config{'DB_TLS_CLIENT_CERTIFICATE'} = _get_value('DB_TLS_CLIENT_CERTIFICATE', $msg, $defaults->{'DB_TLS_CLIENT_CERTIFICATE'}, $valid_values, $install_log_values);
+ $msg = q(
+Please enter the path to the client key for TLS
+ );
+ $config{'DB_TLS_CLIENT_KEY'} = _get_value('DB_TLS_CLIENT_KEY', $msg, $defaults->{'DB_TLS_CLIENT_KEY'}, $valid_values, $install_log_values);
+ }
$msg = q(
Please specify the user that owns the database to be
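Review bot: `$config{'DB_USE_TLS'}` is only assigned inside the `DB_TYPE eq 'mysql'` branch, so for `Pg` the following `if ($config{'DB_USE_TLS'} eq 'yes')` compares an undefined value and, as far as this hunk shows, the key stays unset. Nesting the certificate prompts inside the mysql branch, or assigning `$config{'DB_USE_TLS'} = 'no';` in an else branch, avoids both. The three paths are accepted as typed; a check such as `-r $config{'DB_TLS_CLIENT_KEY'}` for each file would catch a bad path at install time rather than at the first database connection. The key prompt could also state that the client key should be readable only by the account Koha runs as. The enclosing sub starts and ends outside this hunk.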
<port>__DB_PORT__</port>
<user>__DB_USER__</user>
<pass>__DB_PASS__</pass>
+ <tls>__DB_USE_TLS__</tls>
+ <ca>__DB_TLS_CA_CERTIFICATE__</ca>
+ <cert>__DB_TLS_CLIENT_CERTIFICATE__</cert>
+ <key>__DB_TLS_CLIENT_KEY__</key>
<biblioserver>biblios</biblioserver>
<biblioservershadow>1</biblioservershadow>
<authorityserver>authorities</authorityserver>
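Review bot: The four new elements carry no comment saying which values are accepted or when the paths are read. Add an XML comment above `<tls>`, for example `<!-- tls: yes|no; ca, cert and key are read only when tls is yes and apply to MySQL connections -->`. It would also help to state there that the file named by `<key>` is a private key and should be readable only by the account Koha runs as.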
$info{'port'} = C4::Context->config("port");
$info{'user'} = C4::Context->config("user");
$info{'password'} = C4::Context->config("pass");
+$info{'tls'} = C4::Context->config("tls");
+ if ($info{'tls'} eq 'yes'){
+ $info{'ca'} = C4::Context->config('ca');
+ $info{'cert'} = C4::Context->config('cert');
+ $info{'key'} = C4::Context->config('key');
+ $info{'tlsoptions'} = ";mysql_ssl=1;mysql_ssl_client_key=".$info{key}.";mysql_ssl_client_cert=".$info{cert}.";mysql_ssl_ca_file=".$info{ca};
+ $info{'tlscmdline'} = " --ssl-cert ". $info{cert} . " --ssl-key " . $info{key} . " --ssl-ca ".$info{ca}." "
+ }
+
my $dbh = DBI->connect(
"DBI:$info{dbms}:dbname=$info{dbname};host=$info{hostname}"
- . ( $info{port} ? ";port=$info{port}" : "" ),
+ . ( $info{port} ? ";port=$info{port}" : "" )
+ . ( $info{tlsoptions} ? $info{tlsoptions} : "" ),
$info{'user'}, $info{'password'}
);
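Review bot: `$info{'tlscmdline'}` joins the three configured paths into a command-line fragment without quoting. A path containing a space or a shell metacharacter would change how the command is parsed if this string is later interpolated into a shell command; where it is used is not visible in this hunk. Quote each path when building it or, preferably, keep the options as a list and pass them to a list-form `system` or `open` so that no shell is involved. That assignment also lacks its terminating `;`, which only parses because it is the last statement in the block. `$self->{'tlscmdline'}` in the first hunk is built the same way.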
#I put it there because it implied a data import if condition was not satisfied.
my $dbh = DBI->connect(
"DBI:$info{dbms}:dbname=$info{dbname};host=$info{hostname}"
- . ( $info{port} ? ";port=$info{port}" : "" ),
+ . ( $info{port} ? ";port=$info{port}" : "" )
+ . ( $info{tlsoptions} ? $info{tlsoptions} : "" ),
$info{'user'}, $info{'password'}
);
my $rq;
PREFIX,
BASE_DIR, CGI_DIR, LOG_DIR, PLUGINS_DIR, INSTALL_BASE,
-DB_TYPE, DB_HOST, DB_PORT, DB_NAME, DB_PASS, DB_USER, WEBMASTER_EMAIL, WEBSERVER_DOMAIN,
+DB_TYPE, DB_HOST, DB_PORT, DB_NAME, DB_PASS, DB_USER, DB_USE_TLS, DB_TLS_CA_CERT, DB_TLS_CLIENT_KEY, DB_TLS_CLIENT_CERT, WEBMASTER_EMAIL, WEBSERVER_DOMAIN,
WEBSERVER_HOST, WEBSERVER_IP, WEBSERVER_PORT, WEBSERVER_PORT_LIBRARIAN, ZEBRA_PASS, ZEBRA_USER
=head1 EXAMPLES
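Review bot: The names added to this list, `DB_TLS_CA_CERT` and `DB_TLS_CLIENT_CERT`, do not match the tokens the rest of the change uses (`DB_TLS_CA_CERTIFICATE`, `DB_TLS_CLIENT_CERTIFICATE`). Someone setting the documented names would presumably have them ignored. Use the full names in the POD: `DB_USE_TLS, DB_TLS_CA_CERTIFICATE, DB_TLS_CLIENT_CERTIFICATE, DB_TLS_CLIENT_KEY,`.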
"__DB_PORT__" => "3306",
"__DB_USER__" => "kohaadmin",
"__DB_PASS__" => "katikoan",
+ "__DB_USE_TLS__" => "no",
+ "__DB_TLS_CA_CERTIFICATE__" => "",
+ "__DB_TLS_CLIENT_CERTIFICATE__" => "",
+ "__DB_TLS_CLIENT_KEY__"=>"",
"__WEBMASTER_EMAIL__" => 'webmaster@'.$mydomain,
"__WEBSERVER_DOMAIN__" => $mydomain,
"__WEBSERVER_HOST__" => $myhost,