From 6f738dbf808503fe8ee8eae4311a66a955d5369b Mon Sep 17 00:00:00 2001
From: demeritcowboy <demeritcowboy@hotmail.com>
Date: Sun, 28 Jun 2020 14:26:24 -0400
Subject: [PATCH] allow specifying ssl in DSN

---
 CRM/Core/DAO.php | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/CRM/Core/DAO.php b/CRM/Core/DAO.php
index ce62eaba1c..0ce07aacae 100644
--- a/CRM/Core/DAO.php
+++ b/CRM/Core/DAO.php
@@ -163,6 +163,11 @@ class CRM_Core_DAO extends DB_DataObject {
     $options = &PEAR::getStaticProperty('DB_DataObject', 'options');
     $options['database'] = $dsn;
     $options['quote_identifiers'] = TRUE;
+    if (self::isSSLDSN($dsn)) {
+      // There are two different options arrays.
+      $other_options = &PEAR::getStaticProperty('DB', 'options');
+      $other_options['ssl'] = TRUE;
+    }
     if (defined('CIVICRM_DAO_DEBUG')) {
       self::DebugLevel(CIVICRM_DAO_DEBUG);
     }
@@ -3068,4 +3073,21 @@ SELECT contact_id
     }
   }
 
+  /**
+   * Does the DSN indicate the connection should use ssl.
+   *
+   * @param string $dsn
+   *
+   * @return bool
+   */
+  public static function isSSLDSN(string $dsn):bool {
+    // Note that ssl= below is not an official PEAR::DB option. It doesn't know
+    // what to do with it. We made it up because it's not required
+    // to have client-side certificates to use ssl, so here you can specify
+    // you want that by putting ssl=1 in the DSN string.
+    //
+    // Cast to bool in case of error which we interpret as no ssl.
+    return (bool) preg_match('/[\?&](key|cert|ca|capath|cipher|ssl)=/', $dsn);
+  }
+
 }
-- 
2.25.1