From f51eb96c694ce47a0781dcadd04cd6bb3e9627d1 Mon Sep 17 00:00:00 2001 From: Pierre Goiffon Date: Thu, 8 Feb 2018 14:22:05 +0000 Subject: [PATCH] =?UTF-8?q?N=C2=B01260=20MySQL=20TLS=20connection=20:=20do?= =?UTF-8?q?=20not=20use=20persistent=20connection=20in=20Mutex?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit SVN:trunk[5313] --- core/cmdbsource.class.inc.php | 24 ++++++++++++------------ core/mutex.class.inc.php | 2 +- setup/backup.class.inc.php | 2 +- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/core/cmdbsource.class.inc.php b/core/cmdbsource.class.inc.php index e3cf9d29b..886783d14 100644 --- a/core/cmdbsource.class.inc.php +++ b/core/cmdbsource.class.inc.php @@ -174,8 +174,11 @@ class CMDBSource self::$m_sDBSSLCaPath = empty($sSSLCaPath) ? null : $sSSLCaPath; self::$m_sDBSSLCipher = empty($sSSLCipher) ? null : $sSSLCipher; + // when using TLS add persistent connection to reduce overhead + $bUsePersistentConnection = self::IsDbConnectionUsingSsl($sServer, $sServer, $sServer); + self::$m_oMysqli = self::GetMysqliInstance($sServer, $sUser, $sPwd, $sSource, $sSSLKey, $sSSLCert, $sSSLCA, - $sSSLCaPath, $sSSLCipher, true); + $sSSLCaPath, $sSSLCipher, $bUsePersistentConnection, true); } /** @@ -188,6 +191,7 @@ class CMDBSource * @param string $sSSLCA * @param string $sSSLCaPath * @param string $sSSLCipher + * @param boolean $bUsePersistentConnection {@see http://php.net/manual/en/mysqli.persistconns.php} * @param boolean $bCheckSslAfterConnection * * @return \mysqli @@ -195,14 +199,18 @@ class CMDBSource */ public static function GetMysqliInstance( $sServer, $sUser, $sPwd, $sSource = '', $sSSLKey = null, $sSSLCert = null, $sSSLCA = null, $sSSLCaPath = null, - $sSSLCipher = null, $bCheckSslAfterConnection = false + $sSSLCipher = null, $bUsePersistentConnection = false, $bCheckSslAfterConnection = false ) { $oMysqli = null; $sServer = null; $iPort = null; $bSslEnabled = self::IsDbConnectionUsingSsl($sSSLKey, $sSSLCert, $sSSLCA); - self::InitServerAndPort($sServer, $iPort, $bSslEnabled); + self::InitServerAndPort($sServer, $iPort); + if ($bUsePersistentConnection) + { + $sServer = 'p:'.$sServer; + } $iFlags = null; @@ -259,9 +267,8 @@ class CMDBSource * * @param string $sServer * @param int $iPort - * @param boolean $bSslEnabled */ - private static function InitServerAndPort(&$sServer, &$iPort, $bSslEnabled) + private static function InitServerAndPort(&$sServer, &$iPort) { $aConnectInfo = explode(':', self::$m_sDBHost); if (count($aConnectInfo) > 1) @@ -275,13 +282,6 @@ class CMDBSource $sServer = self::$m_sDBHost; $iPort = null; } - - if ($bSslEnabled) - { - // use persistent connexions to limit TLS overhead - // see http://php.net/manual/en/mysqli.persistconns.php - $sServer = 'p:'.self::$m_sDBHost; - } } /** diff --git a/core/mutex.class.inc.php b/core/mutex.class.inc.php index a83a6ecee..ce470bf40 100644 --- a/core/mutex.class.inc.php +++ b/core/mutex.class.inc.php @@ -245,7 +245,7 @@ class iTopMutex $sSSLCipher = $this->sDBSSLCipher; $this->hDBLink = CMDBSource::GetMysqliInstance($sServer, $sUser, $sPwd, $sSource, $sSSLKey, $sSSLCert, $sSSLCA, - $sSSLCaPath, $sSSLCipher, false); + $sSSLCaPath, $sSSLCipher, false, false); if (!$this->hDBLink) { diff --git a/setup/backup.class.inc.php b/setup/backup.class.inc.php index 94071cb5e..5c1f0e270 100644 --- a/setup/backup.class.inc.php +++ b/setup/backup.class.inc.php @@ -534,7 +534,7 @@ if (class_exists('ZipArchive')) // The setup must be able to start even if the " try { $oMysqli = CMDBSource::GetMysqliInstance($sServer, $sUser, $sPwd, $sSource, $sSSLKey, $sSSLCert, - $sSSLCA, $sSSLCaPath, $sSSLCipher, false); + $sSSLCA, $sSSLCaPath, $sSSLCipher, true, false); if ($oMysqli->connect_errno) {