Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Symfony : how to set SSL parameters in Doctrine DBAL configuration (YAML)?

I'd like to add my SSL cert and key files to Doctrine DBAL configuration but I don't see how to achieve that.

In PHP, I just have to write something like :

$databaseHandler = new \PDO(
    'mysql:host=my_host;dbname=my_db',
    'username',
    'password',
    array(
        \PDO::MYSQL_ATTR_SSL_KEY   => '.../client-key.pem',
        \PDO::MYSQL_ATTR_SSL_CERT  => '.../client-cert.pem',
        \PDO::MYSQL_ATTR_SSL_CA    => '.../ca-cert.pem'
    )
);

I understand there is a Custom Driver Option driverOptions, and I saw this answer but I'm not sure about how to translate that into YAML.

I have the feeling I should write something close to :

doctrine:
    dbal:
        driver:   "%database_driver%"
        host:     "%database_host%"
        port:     "%database_port%"
        dbname:   "%database_name%"
        user:     "%database_user%"
        password: "%database_password%"
        charset:  UTF8
        driverOptions:
            PDO::MYSQL_ATTR_SSL_CA: '.../client-key.pem'
            PDO::MYSQL_ATTR_SSL_CERT: '.../client-cert.pem'
            PDO::MYSQL_ATTR_SSL_CA: '.../ca-cert.pem'

But double colons won't really please YAML...

like image 303
Ivan Gabriele Avatar asked Apr 27 '15 17:04

Ivan Gabriele


2 Answers

Since Symfony 3.2 this became a lot easier:

doctrine:
    dbal:
        <other configs>
        options:
            !php/const:PDO::MYSQL_ATTR_SSL_CA: %ca_cert%
            !php/const:PDO::MYSQL_ATTR_SSL_KEY: %private_key%
            !php/const:PDO::MYSQL_ATTR_SSL_CERT: %public_cert%
like image 192
Robert Avatar answered Nov 15 '22 22:11

Robert


I found a much easier way than the rest. Make the following settings in app/config/config.yml:

# Doctrine Configuration
doctrine:
    dbal:
        driver:   pdo_mysql
        host:     "%database_host%"
        port:     "%database_port%"
        dbname:   "%database_name%"
        user:     "%database_user%"
        password: "%database_password%"
        charset:  UTF8
        # Options for SSL connection
        options:
            MYSQL_ATTR_SSL_CA : %ca_cert%
            MYSQL_ATTR_SSL_KEY : %private_key%
            MYSQL_ATTR_SSL_CERT : %public_cert%

Then in your app/config/parameters.yml file:

parameters:
    ...
    # SSL Info
    private_key: /etc/my.cnf.d/certs/client-key.pem
    public_cert: /etc/my.cnf.d/certs/client-cert.pem
    ca_cert: /etc/my.cnf.d/certs/ca-cert.pem

I tested this on Symfony3 and this works great. The paths above may be different, in particular the certs may be different depending on your distro and how you set it up.

like image 29
Alvin Bunk Avatar answered Nov 15 '22 21:11

Alvin Bunk