Diffstat (limited to 'config')
-rw-r--r-- | config/config.sample.php | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/config/config.sample.php b/config/config.sample.php
index 4fcfc5fb6fd..5f3f33dfa41 100644
--- a/config/config.sample.php
+++ b/config/config.sample.php
@@ -1221,7 +1221,7 @@ $CONFIG = [
 * For enhanced security it is recommended to configure Redis
 * to require a password. See http://redis.io/topics/security
 * for more information.
- *
+ *
 * We also support redis SSL/TLS encryption as of version 6.
 * See https://redis.io/topics/encryption for more information.
 */
@@ -1498,9 +1498,19 @@ $CONFIG = [
 /**
 * Additional driver options for the database connection, eg. to enable SSL
 * encryption in MySQL or specify a custom wait timeout on a cheap hoster.
+ *
+ * When setting up TLS/SSL for encrypting the connections, you need to ensure that
+ * the passed keys and certificates are readable by the PHP process. In addition
+ * PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT might need to be set to false, if the
+ * database servers certificates CN does not match with the hostname used to connect.
+ * The standard behavior here is different from the MySQL/MariaDB CLI client, which
+ * does not verify the server cert except --ssl-verify-server-cert is passed manually.
 */
 'dbdriveroptions' => [
 PDO::MYSQL_ATTR_SSL_CA => '/file/path/to/ca_cert.pem',
+ PDO::MYSQL_ATTR_SSL_KEY => '/file/path/to/mysql-client-key.pem',
+ PDO::MYSQL_ATTR_SSL_CERT => '/file/path/to/mysql-client-cert.pem',
+ PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false,
 PDO::MYSQL_ATTR_INIT_COMMAND => 'SET wait_timeout = 28800'
 ],
|
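Review bot: The sample entry `PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false,` in the `dbdriveroptions` example shows server certificate verification switched off, and sample values tend to be copied into production configs unchanged. With verification disabled the connection is still encrypted, but the database server is no longer authenticated, so the configured CA in `PDO::MYSQL_ATTR_SSL_CA` stops protecting against an impersonated server; the added comment explains the CN-mismatch case but not this consequence. I would show the verifying value in the sample, `PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => true,`, and add a comment line such as `* Setting it to false keeps the connection encrypted but unauthenticated; prefer a server certificate whose name matches the hostname used to connect.` The same comment block could also say that the client key file should be readable only by the PHP process user, since the current wording only asks that it be readable.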