Merge pull request #17981 from eileenmcnaughton/merge_form

[civicrm-core.git] / CRM / Core / DAO.php

diff --git a/CRM/Core/DAO.php b/CRM/Core/DAO.php
index 430005a894f974f06fc203a57edd2540933b097d..a1cd6f7498915e29b1919cb62dd88662533a633a 100644 (file)
--- a/CRM/Core/DAO.php
+++ b/CRM/Core/DAO.php
@@ -163,6 +163,11 @@ class CRM_Core_DAO extends DB_DataObject {
     $options = &PEAR::getStaticProperty('DB_DataObject', 'options');
     $options['database'] = $dsn;
     $options['quote_identifiers'] = TRUE;
+    if (self::isSSLDSN($dsn)) {
+      // There are two different options arrays.
+      $other_options = &PEAR::getStaticProperty('DB', 'options');
+      $other_options['ssl'] = TRUE;
+    }
     if (defined('CIVICRM_DAO_DEBUG')) {
       self::DebugLevel(CIVICRM_DAO_DEBUG);
     }
@@ -3106,4 +3111,21 @@ SELECT contact_id
     }
   }
 
+  /**
+   * Does the DSN indicate the connection should use ssl.
+   *
+   * @param string $dsn
+   *
+   * @return bool
+   */
+  public static function isSSLDSN(string $dsn):bool {
+    // Note that ssl= below is not an official PEAR::DB option. It doesn't know
+    // what to do with it. We made it up because it's not required
+    // to have client-side certificates to use ssl, so here you can specify
+    // you want that by putting ssl=1 in the DSN string.
+    //
+    // Cast to bool in case of error which we interpret as no ssl.
+    return (bool) preg_match('/[\?&](key|cert|ca|capath|cipher|ssl)=/', $dsn);
+  }
+
 }