upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-04-15 22:11:17 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 26

feat(db): add SSL/TLS support for PostgreSQL

Browse source 
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
This commit is contained in:
Benjamin Gaussorgues 2025-09-18 10:53:31 +02:00
parent af64922dd3
commit e6e89d0ea1
No known key found for this signature in database
3 changed files with 51 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
config/config.sample.php
View file

@ -2118,6 +2118,17 @@ $CONFIG = [
*/
'mysql.collation' => null,
/**
* PostgreSQL SSL connection
*/
'pgsql_ssl' => [
'mode' => '',
'cert' => '',
'rootcert' => '',
'key' => '',
'crl' => '',
],
/**
* Database types supported for installation.
*

11
lib/private/DB/ConnectionFactory.php
View file

@ -198,6 +198,17 @@ class ConnectionFactory {
'tablePrefix' => $connectionParams['tablePrefix']
];
if ($type === 'pgsql') {
$pgsqlSsl = $this->config->getValue('pgsql_ssl', false);
if (is_array($pgsqlSsl)) {
$connectionParams['sslmode'] = $pgsqlSsl['mode'] ?? '';
$connectionParams['sslrootcert'] = $pgsqlSsl['rootcert'] ?? '';
$connectionParams['sslcert'] = $pgsqlSsl['cert'] ?? '';
$connectionParams['sslkey'] = $pgsqlSsl['key'] ?? '';
$connectionParams['sslcrl'] = $pgsqlSsl['crl'] ?? '';
}
}
if ($type === 'mysql' && $this->config->getValue('mysql.utf8mb4', false)) {
$connectionParams['defaultTableOptions'] = [
'collate' => 'utf8mb4_bin',

29
tests/lib/DB/ConnectionFactoryTest.php
View file

@ -40,4 +40,33 @@ class ConnectionFactoryTest extends TestCase {
$this->assertEquals($expected, self::invokePrivate($factory, 'splitHostFromPortAndSocket', [$host]));
}
public function testPgsqlSslConnection(): void {
/** @var SystemConfig|\PHPUnit\Framework\MockObject\MockObject $config */
$config = $this->createMock(SystemConfig::class);
$config->method('getValue')
->willReturnCallback(function ($key, $default) {
return match ($key) {
'dbtype' => 'pgsql',
'pgsql_ssl' => [
'mode' => 'verify-full',
'cert' => 'client.crt',
'key' => 'client.key',
'crl' => 'client.crl',
'rootcert' => 'rootCA.crt',
],
default => $default,
};
});
$factory = new ConnectionFactory($config);
$params = $factory->createConnectionParams();
$this->assertEquals('pdo_pgsql', $params['driver']);
$this->assertEquals('verify-full', $params['sslmode']);
$this->assertEquals('rootCA.crt', $params['sslrootcert']);
$this->assertEquals('client.crt', $params['sslcert']);
$this->assertEquals('client.key', $params['sslkey']);
$this->assertEquals('client.crl', $params['sslcrl']);
}
}