Requiring SSL for the database connection for MediaWiki/Apache/PHP/MySQL with OpenSSL

Question

Hi,

For a school project, I have installed MediaWiki on my local machine, and am required to have any database connection to the local MySQL database use SSL. I am unsure of how to connect all the dots. Here's what I have done so far:

1. I have installed OpenSSL, and created a self-signed certificate, and associated keys.
2. phpinfo() shows OpenSSL as being enabled.
3. I have included this in the [mysqld] section of my.ini:

ssl-key="C:/newcerts/server-key.pem" ssl-cert="C:/newcerts/server-cert.pem" ssl-ca="C:/newcerts/ca-cert.pem"

1. Running MySQL Command Line prompts me for the root password, and upon entering it, I get Error 1045:Access denied, etc.

2. Running mysql -u root -p ssl-ca="C:/newcerts/ca-cert.pem" from the bin directory and entering the password succeeds, and gives me a mysql prompt. Running status shows SSL: Cipher in use is DHE-RSA-AES256-SHA.

Here's where I'm confused. What else needs to be done (like through Apache or a PHP config file, or a MediaWiki file) to require database connections to use SSL?

Answer 1

You're going to want to use the mysqli extension because the native php/mysql extension does not support SSL. See the mysqli SSL related function:

http://us.php.net/manual/en/mysqli.ssl-set.php

That being said, the DB class in MediaWiki is abstracted out, but to the best of my knowledge the existing implemenation uses the regular php/mysql, NOT mysqli so I think you're going to have write your own mysqli adapter, or maybe somebody already has.

Either way you will need to get MediaWiki to use a mysqli adapter.