New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Mysql SSL connection support from pull request #8049 #10866
Conversation
Hi Geoff, Thanks for the Pull request! It looks really good so far. Ideally we would be running the test on Travis CI. Maybe you could investigate how we could enable ssl connections on Travis CI so the integration test could run? |
Hi @gwaggott |
Thank you for this proposed pull request. Because it was last updated more than one month ago, it is our policy to close pull requests opened for a long time without updates. If you would like to continue work on the pull request, please simply ping us to have it re-opened (after you have pushed a new commit). We hope you understand this and we look forward to seeing an update from you on this pull request or another one! Thanks. |
I think this PR would be actually good to merge and can't really "break" anything and users confirm it works. Be good to have SSL support for mysql? |
copy-pasting my response from #7039
|
@tsteur/@mattab any updates on this one? |
As @tsteur mentions, in this particular case of a security improvement, it's still better to have the feature un-tested (but confirmed as working by a few users) rather than not have it at all. We'll definitely take a look at it (Assigned it to 3.4.0 for now) |
So I need to backtrack a little bit on my initial statement about this working. It's a little difficult for me to troubleshoot, as I'm not particularly familiar with the piwik/matomo internals, and we're working off an older version (2.16.1), but is it possible that piwik/matomo is creating multiple mysql connections, where one is using ssl for the db connection and the other isn't? We're observing the following behavior: The core of piwik/matomo works fine. dashboards load, I can view visitor logs, etc. A couple widgets that are dynamically updated are failing to load, and the root cause appears to be a mysql auth issue. These are items like the real time visitor count. The only relevant logs I'm able to find in our dockerized container are from nginx logs:
|
Figured it out, |
Hi @cah-andrewfitzgerald |
Sorry for the delay @mattab, I've got a reminder set to take a look after work today |
@mattab tested locally & tweaked the PR a bit (included a new option so it'll work w/ self-signed certificates (for testing)). good to merge |
Created an issue for writing the FAQ: #12636 |
Probably an unnecessary reminder, but this should not be released without merging #12631 (as Tracker requests will fail if the db requires SSL). |
@mattab can we merge this PR? |
…o-org#10866) * Mysql SSL connection support from pull request matomo-org#8049 * updated minified js * Add ssl_no_verify config option for skipping certificate verification (works only on some PHP setups). * Remove TODO comment from DbOverSSLCheck diagnostic, will create issue. * Skip test if SSL is not enabled * Undo changes to piwik.js for tests. * Tweak to DbSSLTest.
Hi,
I require an SSL connection to MySQL in AWS RDS, so I'm creating a new pull request from the changes first proposed in #8049.
Can you let me know what further work is required to make it suitable for merging.
Regards,
Geoff