Added linphone rootca as mysql connection param and added option to package's selinux rule to survive reboot

2026-01-17 01:58:07 +00:00 · 2020-01-15 17:44:54 +01:00 · 2020-01-15 17:44:54 +01:00 · d6e2ef7f9e
commit d6e2ef7f9e
parent 3fb07ca34b
3 changed files with 35 additions and 4 deletions
--- a/conf/db.conf
+++ b/conf/db.conf
@ -9,6 +9,23 @@
 */
 define("DB_HOST", "localhost");

+/*
+ * Enable data transfert over ssl.
+ *
+ * Default value: False
+ */
+
+define("DB_ENABLE_SSL", "False");
+
+/*
+ * rootca path. MANDATORY for DB SSL to work
+ *
+ * Default value: ""
+ * Possible value : /opt/belledonne-communications/share/linphone/rootca.pem
+ */
+
+define("ROOT_CA_PATH", "");
+
 /*
 * The database username.
 *
--- a/flexisip-account-manager.spec
+++ b/flexisip-account-manager.spec
@ -8,7 +8,7 @@
 #%define _datadir           %{_datarootdir}
 #%define _docdir            %{_datadir}/doc

-%define build_number 14
+%define build_number 16
 #%if %{build_number}
 #%define build_number_ext -%{build_number}
 #%endif
@ -52,7 +52,7 @@ mkdir -p /var/opt/belledonne-communications/log
 touch /var/opt/belledonne-communications/log/account-manager.log
 chown apache:apache /var/opt/belledonne-communications/log/account-manager.log
 chcon -t httpd_sys_rw_content_t /var/opt/belledonne-communications/log/account-manager.log
-setsebool httpd_can_network_connect_db on
+setsebool -P httpd_can_network_connect_db on
 fi


--- a/src/database/database.php
+++ b/src/database/database.php
@ -24,13 +24,27 @@ include_once __DIR__ . '/../misc/logging.php';
 class Database
 {
    public $conn;
-
    public function getConnection()
    {
        $this->conn = null;

        try {
-            $this->conn = new PDO("mysql:host=" . DB_HOST . ";dbname=" . DB_NAME, DB_USER, DB_PASSWORD);
+            if(!empty(DB_ENABLE_SSL) && !empty(ROOT_CA_PATH)){
+              if(!file_exists ( string ROOT_CA_PATH )){
+                Logger::getInstance()->error("MySQL connection error: the provided ROOT_CA_PATH does not exists!");
+              }
+              else{
+
+                $this->conn = new PDO("mysql:host=" . DB_HOST . ";dbname=" . DB_NAME, DB_USER, DB_PASSWORD, array (
+                    PDO::MYSQL_ATTR_SSL_CA => ROOT_CA_PATH,
+                    PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false
+                ));
+              }
+            }
+            else{
+              $this->conn = new PDO("mysql:host=" . DB_HOST . ";dbname=" . DB_NAME, DB_USER, DB_PASSWORD);
+            }
+
            $this->conn->exec("set names utf8");
        } catch (PDOException $exception) {
            Logger::getInstance()->error("Connection error: " . $exception->getMessage());