From d6e2ef7f9ed68aa756f89780b0c7fcdf369592b9 Mon Sep 17 00:00:00 2001
From: Peio Rigaux
Date: Wed, 15 Jan 2020 17:44:54 +0100
Subject: [PATCH] Added linphone rootca as mysql connection param and added option to package's selinux rule to survive reboot
---
 conf/db.conf | 17 +++++++++++++++++
 flexisip-account-manager.spec | 4 ++--
 src/database/database.php | 18 ++++++++++++++++--
 3 files changed, 35 insertions(+), 4 deletions(-)
diff --git a/conf/db.conf b/conf/db.conf
index 5a51347..a4c85c3 100644
--- a/conf/db.conf
+++ b/conf/db.conf
@@ -9,6 +9,23 @@
 */
 define("DB_HOST", "localhost");
+/*
+ * Enable data transfert over ssl.
+ *
+ * Default value: False
+ */
+
+define("DB_ENABLE_SSL", "False");
+
+/*
+ * rootca path. MANDATORY for DB SSL to work
+ *
+ * Default value: ""
+ * Possible value : /opt/belledonne-communications/share/linphone/rootca.pem
+ */
+
+define("ROOT_CA_PATH", "");
+
 /*
 * The database username.
 *
diff --git a/flexisip-account-manager.spec b/flexisip-account-manager.spec
index c8395a2..38f6e0f 100644
--- a/flexisip-account-manager.spec
+++ b/flexisip-account-manager.spec
@@ -8,7 +8,7 @@
 #%define _datadir %{_datarootdir}
 #%define _docdir %{_datadir}/doc
-%define build_number 14
+%define build_number 16
 #%if %{build_number}
 #%define build_number_ext -%{build_number}
 #%endif
@@ -52,7 +52,7 @@ mkdir -p /var/opt/belledonne-communications/log
 touch /var/opt/belledonne-communications/log/account-manager.log
 chown apache:apache /var/opt/belledonne-communications/log/account-manager.log
 chcon -t httpd_sys_rw_content_t /var/opt/belledonne-communications/log/account-manager.log
-setsebool httpd_can_network_connect_db on
+setsebool -P httpd_can_network_connect_db on
 fi
diff --git a/src/database/database.php b/src/database/database.php
index 17e5771..5560277 100644
--- a/src/database/database.php
+++ b/src/database/database.php
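Review bot: In the conf/db.conf hunk, `define("DB_ENABLE_SSL", "False");` defines a non-empty string, which the `!empty(DB_ENABLE_SSL)` test added in src/database/database.php evaluates as enabled. With the shipped defaults SSL stays off only because ROOT_CA_PATH is empty, so an administrator who sets the CA path while leaving the flag at "False" gets the SSL branch anyway. Use a real boolean, `define("DB_ENABLE_SSL", false);`, and list the accepted values in the comment, for example `Possible values: true, false`.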
@@ -24,13 +24,27 @@ include_once __DIR__ . '/../misc/logging.php'; class Database { public $conn; - public function getConnection() { $this->conn = null; try { - $this->conn = new PDO("mysql:host=" . DB_HOST . ";dbname=" . DB_NAME, DB_USER, DB_PASSWORD); + if(!empty(DB_ENABLE_SSL) && !empty(ROOT_CA_PATH)){ + if(!file_exists ( string ROOT_CA_PATH )){ + Logger::getInstance()->error("MySQL connection error: the provided ROOT_CA_PATH does not exists!"); + } + else{ + + $this->conn = new PDO("mysql:host=" . DB_HOST . ";dbname=" . DB_NAME, DB_USER, DB_PASSWORD, array ( + PDO::MYSQL_ATTR_SSL_CA => ROOT_CA_PATH, + PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false + )); + } + } + else{ + $this->conn = new PDO("mysql:host=" . DB_HOST . ";dbname=" . DB_NAME, DB_USER, DB_PASSWORD); + } + $this->conn->exec("set names utf8"); } catch (PDOException $exception) { Logger::getInstance()->error("Connection error: " . $exception->getMessage());
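Review bot: The SSL branch sets `PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false`, so the server certificate is never verified against ROOT_CA_PATH and the client cannot tell the real database host from an impersonator; it needs to be `true` for the CA file to serve its purpose. In the same branch `file_exists ( string ROOT_CA_PATH )` is a parse error (the `string` looks copied from the manual's signature), and when the file is missing `$this->conn` stays null, so the following `exec("set names utf8")` raises an Error that `catch (PDOException $exception)` does not handle. An enabled flag with an empty ROOT_CA_PATH also falls back to a cleartext connection without any log entry. The sketch below fails closed instead and parses the flag with `filter_var`, since conf/db.conf ships it as the string "False"; getConnection() ends outside the hunk.

```php
// … unchanged: $this->conn = null; try { …
$dsn = "mysql:host=" . DB_HOST . ";dbname=" . DB_NAME;
$options = array();
// DB_ENABLE_SSL is a string in conf/db.conf; "False" must read as off.
if (filter_var(DB_ENABLE_SSL, FILTER_VALIDATE_BOOLEAN)) {
    if (empty(ROOT_CA_PATH) || !is_readable(ROOT_CA_PATH)) {
        // Refuse to connect rather than silently fall back to cleartext;
        // the existing catch block logs this message.
        throw new PDOException("DB_ENABLE_SSL is set but ROOT_CA_PATH is empty or not readable");
    }
    $options[PDO::MYSQL_ATTR_SSL_CA] = ROOT_CA_PATH;
    $options[PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = true;
}
$this->conn = new PDO($dsn, DB_USER, DB_PASSWORD, $options);
// … unchanged: exec("set names utf8") and the catch (PDOException $exception) block …
```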