MISP icon indicating copy to clipboard operation
MISP copied to clipboard

Published 20 hours ago verified publisher icon MISP

Support: Mysql connection with ssl_key, ssl_cert and ssl_ca

Open srPuebla opened this issue 5 months ago • 0 comments

Support Questions

Hi,

Does MISP has support to connect to MYSQL with a certificate SSL? I mean, command connection would be on this way: mysql --ssl-ca=./ca.pem --ssl-cert=./client-cert.pem --ssl-key=./client-key.pem -h <hostname> -u <username> -D <databasename>

Could be posible to add supports to "ssl_key", "ssl_cert" and "ssl_ca" for Mysql connector?

In MISP i see that in the file MysqlExtendedLogging.php you have the next configuration:


/**
 * Connects to the database using options in the given configuration array.
 *
 * MySQL supports a few additional options that other drivers do not:
 *
 * - `unix_socket` Set to the path of the MySQL sock file. Can be used in place
 *   of host + port.
 * - `ssl_key` SSL key file for connecting via SSL. Must be combined with `ssl_cert`.
 * - `ssl_cert` The SSL certificate to use when connecting via SSL. Must be
 *   combined with `ssl_key`.
 * - `ssl_ca` The certificate authority for SSL connections.
 *
 * @return bool True if the database could be connected, else false
 * @throws MissingConnectionException
 */
	public function connect() {
		$config = $this->config;
		$this->connected = false;

		$flags = $config['flags'] + array(
			PDO::ATTR_PERSISTENT => $config['persistent'],
			PDO::MYSQL_ATTR_USE_BUFFERED_QUERY => true,
			PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION
		);

		if (!empty($config['encoding'])) {
			$flags[PDO::MYSQL_ATTR_INIT_COMMAND] = 'SET NAMES ' . $config['encoding'];
		}
		if (!empty($config['ssl_key']) && !empty($config['ssl_cert'])) {
			$flags[PDO::MYSQL_ATTR_SSL_KEY] = $config['ssl_key'];
			$flags[PDO::MYSQL_ATTR_SSL_CERT] = $config['ssl_cert'];
		}
		if (!empty($config['ssl_ca'])) {
			$flags[PDO::MYSQL_ATTR_SSL_CA] = $config['ssl_ca'];
		}

And in database.php you will have:


class DATABASE_CONFIG {

	public $default = array(
		'datasource' => 'Database/Mysql',
		//'datasource' => 'Database/Postgres',
		'persistent' => false,
		'host' => 'localhost',
		'login' => 'db login',
		'port' => 3306, // MySQL & MariaDB
		//'port' => 5432, // PostgreSQL
		'password' => 'db password',
		'database' => 'misp',
		'prefix' => '',
		'encoding' => 'utf8',
		**'ssl_key' => '/opt/misp/mispmysql.key',
		'ssl_cert' => '/opt/misp/mispmysql.cert',
		'ssl_ca' => '/opt/misp/mispmysql.ca',**
	);
}

That its correct?

Thanks

MISP version

2.4.197

Operating System

Ubuntu

Operating System version

20.04

PHP version

20190902

Browser

No response

Browser version

No response

Relevant log output

No response

Extra attachments

No response

Code of Conduct

  • [x] I agree to follow this project's Code of Conduct

srPuebla avatar Sep 16 '24 07:09 srPuebla