diff --git a/application/forms/Config/Resource/DbResourceForm.php b/application/forms/Config/Resource/DbResourceForm.php
index 518c42280..d78cc3440 100644
--- a/application/forms/Config/Resource/DbResourceForm.php
+++ b/application/forms/Config/Resource/DbResourceForm.php
@@ -170,6 +170,18 @@ class DbResourceForm extends Form
 )
 );
 if (isset($formData['use_ssl']) && $formData['use_ssl']) {
+ if (defined('\PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT')) {
+ $this->addElement(
+ 'checkbox',
+ 'ssl_do_not_verify_server_cert',
+ array(
+ 'label' => $this->translate('SSL Do Not Verify Server Certificate'),
+ 'description' => $this->translate(
+ 'Whether to disable verification of the server certificate'
+ )
+ )
+ );
+ }
 $this->addElement(
 'text',
 'ssl_key',
diff --git a/application/locale/de_DE/LC_MESSAGES/icinga.mo b/application/locale/de_DE/LC_MESSAGES/icinga.mo
index 4360b0a81..78b43532c 100644
Binary files a/application/locale/de_DE/LC_MESSAGES/icinga.mo and b/application/locale/de_DE/LC_MESSAGES/icinga.mo differ
diff --git a/application/locale/de_DE/LC_MESSAGES/icinga.po b/application/locale/de_DE/LC_MESSAGES/icinga.po
index 5ca2e5dda..76bf69192 100644
--- a/application/locale/de_DE/LC_MESSAGES/icinga.po
+++ b/application/locale/de_DE/LC_MESSAGES/icinga.po
@@ -3868,3 +3868,11 @@ msgstr "umschalten"
 #~ msgid "for"
 #~ msgstr "für"
+
+#: ../../../../application/forms/Config/Resource/DbResourceForm.php:176
+msgid "SSL Do Not Verify Server Certificate"
+msgstr "SSL-Serverzertifikat nicht verifizieren"
+
+#: ../../../../application/forms/Config/Resource/DbResourceForm.php:178
+msgid "Whether to disable verification of the server certificate"
+msgstr "Die Verifikation des Serverzertifikats deaktivieren"
diff --git a/doc/04-Resources.md b/doc/04-Resources.md
index dc2e848e6..4566dd8b1 100644
--- a/doc/04-Resources.md
+++ b/doc/04-Resources.md
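Review bot: The description of the new `ssl_do_not_verify_server_cert` checkbox in DbResourceForm.php says only that verification can be disabled, not what that costs: with the box ticked the connection is still encrypted but the server's identity is no longer checked, so a host that impersonates the database server is not detected. I would put that into the text, e.g. `'Disable verification of the server certificate. The connection stays encrypted, but the identity of the database server is no longer checked'`, and update the msgid in icinga.po to match. The guard here is spelled `defined('\PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT')` while DbConnection.php uses the name without the leading backslash; one spelling in both places keeps the form and the connection code from disagreeing about whether the option exists. The enclosing method starts and ends outside this hunk.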
@@ -23,21 +23,22 @@ ssh | Manage [SSH](04-Resources.md#resources-configuration-
 A Database resource defines a connection to a SQL database which can contain users and groups to handle authentication and authorization, monitoring data or user preferences.
-Option | Description
--------------------------|----------------------------------------------
-type | **Required.** Specifies the resource type. Must be set to `db`.
-db | **Required.** Database type. In most cases `mysql` or `pgsql`.
-host | **Required.** Connect to the database server on the given host. For using unix domain sockets, specify `localhost` for MySQL and the path to the unix domain socket directory for PostgreSQL.
-port | **Required.** Port number to use. MySQL defaults to `3306`, PostgreSQL defaults to `5432`. Mandatory for connections to a PostgreSQL database.
-username | **Required.** The database username.
-password | **Required.** The database password.
-dbname | **Required.** The database name.
-charset | **Optional.** The character set for the database connection.
-ssl\_cert | **Optional.** The file path to the SSL certificate. Only available for the `mysql` database.
-ssl\_key | **Optional.** The file path to the SSL key. Only available for the `mysql` database.
-ssl\_ca | **Optional.** The file path to the SSL certificate authority. Only available for the `mysql` database.
-ssl\_capath | **Optional.** The file path to the directory that contains the trusted SSL CA certificates, which are stored in PEM format.Only available for the `mysql` database.
-ssl\_cipher | **Optional.** A list of one or more permissible ciphers to use for SSL encryption, in a format understood by OpenSSL. For example: `DHE-RSA-AES256-SHA:AES128-SHA`. Only available for the `mysql` database.
+Option | Description
+------------------------------------|------------
+type | **Required.** Specifies the resource type. Must be set to `db`.
+db | **Required.** Database type. In most cases `mysql` or `pgsql`.
+host | **Required.** Connect to the database server on the given host. For using unix domain sockets, specify `localhost` for MySQL and the path to the unix domain socket directory for PostgreSQL.
+port | **Required.** Port number to use. MySQL defaults to `3306`, PostgreSQL defaults to `5432`. Mandatory for connections to a PostgreSQL database.
+username | **Required.** The database username.
+password | **Required.** The database password.
+dbname | **Required.** The database name.
+charset | **Optional.** The character set for the database connection.
+ssl\_do\_not\_verify\_server\_cert | **Optional.** Disable validation of the server certificate. Only available for the `mysql` database and on PHP versions > 5.6.
+ssl\_cert | **Optional.** The file path to the SSL certificate. Only available for the `mysql` database.
+ssl\_key | **Optional.** The file path to the SSL key. Only available for the `mysql` database.
+ssl\_ca | **Optional.** The file path to the SSL certificate authority. Only available for the `mysql` database.
+ssl\_capath | **Optional.** The file path to the directory that contains the trusted SSL CA certificates, which are stored in PEM format.Only available for the `mysql` database.
+ssl\_cipher | **Optional.** A list of one or more permissible ciphers to use for SSL encryption, in a format understood by OpenSSL. For example: `DHE-RSA-AES256-SHA:AES128-SHA`. Only available for the `mysql` database.
 #### Example
diff --git a/library/Icinga/Data/Db/DbConnection.php b/library/Icinga/Data/Db/DbConnection.php
index 701969360..c8d1eb7b4 100644
--- a/library/Icinga/Data/Db/DbConnection.php
+++ b/library/Icinga/Data/Db/DbConnection.php
@@ -185,6 +185,11 @@ class DbConnection implements Selectable, Extensible, Updatable, Reducible, Insp
 if ($this->config->ssl_cipher) {
 $adapterParamaters['driver_options'][PDO::MYSQL_ATTR_SSL_CIPHER] = $this->config->ssl_cipher;
 }
+ if (defined('PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT')
+ && $this->config->ssl_do_not_verify_server_cert
+ ) {
+ $adapterParamaters['driver_options'][PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = false;
+ }
 }
 /*
 * Set MySQL server SQL modes to behave as closely as possible to Oracle and PostgreSQL. Note that the
diff --git a/modules/monitoring/library/Monitoring/BackendStep.php b/modules/monitoring/library/Monitoring/BackendStep.php
index f87f64b2e..e94625fb4 100644
--- a/modules/monitoring/library/Monitoring/BackendStep.php
+++ b/modules/monitoring/library/Monitoring/BackendStep.php
@@ -114,6 +114,16 @@ class BackendStep extends Step . '
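Review bot: In DbConnection.php the new condition tests `$this->config->ssl_do_not_verify_server_cert` for plain truthiness, so any non-empty string other than `0` switches certificate verification off; whether a hand-written `false` or `no` in the resource file arrives here as such a string depends on the INI parsing, which is not visible in this hunk. Because this setting weakens the TLS connection, I would accept only an explicit boolean value: `&& filter_var($this->config->ssl_do_not_verify_server_cert, FILTER_VALIDATE_BOOLEAN)`. A comment above the block such as `// Opt-in only: turns off server authentication, the link stays encrypted but unauthenticated` and a log entry when the option takes effect would make the weakened state visible to operators. The enclosing method starts and ends outside this hunk.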