Add setting to trust SQL Server's certificate #470

Open
HannahVernon opened this issue Feb 23, 2022 · 3 comments

@HannahVernon

I had to modify the public function db_connect( $allow_bail = true ) in wp-includes/wp-db.php to allow PHP to connect to my SQL Server using a non-CA-trusted certificate.

I changed the following lines:

if ( getenv('ProjectNami.UTF8') ) {
	$this->dbh = sqlsrv_connect( $this->dbhost, array( "Database"=> $this->dbname, "UID"=> $this->dbuser, "PWD"=> $this->dbpassword, 'ReturnDatesAsStrings'=>true, 'MultipleActiveResultSets'=> false, 'CharacterSet'=> 'UTF-8') );
} else {
	$this->dbh = sqlsrv_connect( $this->dbhost, array( "Database"=> $this->dbname, "UID"=> $this->dbuser, "PWD"=> $this->dbpassword, 'ReturnDatesAsStrings'=>true, 'MultipleActiveResultSets'=> false) );
}

to

if ( getenv('ProjectNami.UTF8') ) {
	$this->dbh = sqlsrv_connect( $this->dbhost, array( "Database"=> $this->dbname, "UID"=> $this->dbuser, "PWD"=> $this->dbpassword, 'ReturnDatesAsStrings'=>true, 'MultipleActiveResultSets'=> false, 'CharacterSet'=> 'UTF-8', 'TrustServerCertificate'=> true) );
} else {
	$this->dbh = sqlsrv_connect( $this->dbhost, array( "Database"=> $this->dbname, "UID"=> $this->dbuser, "PWD"=> $this->dbpassword, 'ReturnDatesAsStrings'=>true, 'MultipleActiveResultSets'=> false, 'TrustServerCertificate'=> true) );
}

I added the ODBC Connection parameter for TrustServerCertificate to be true, instead of the default false.

Problem now is, any new updates from the ProjectNami GitHub project will reset the change. It would be great to have a setting for that in the wp-config.php file, or something along those lines to ensure that updates don't clobber the connection parameters.

@HannahVernon
Author

I don't have strong enough PHP skills to be of any help in suggesting a code change via a PR, otherwise I'd do that 🙂

@patrickebates
Member

What would be the downside of just adding this parameter without any settings for control?

@HannahVernon
Author

While it wouldn't prevent any non-encrypted connectivity, having the option to only connect via trusted certificates is probably important for some folks. For me, having the TrustServerCertificate setting defaulted to true would be fine.
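
One way the wp-config.php setting requested in this issue could be wired in, shown as an added example that is not part of the thread and not Project Nami code. The constant `DB_TRUST_SERVER_CERTIFICATE` and the helper `nami_build_sqlsrv_options()` are hypothetical names; certificate validation stays on unless the site owner opts out explicitly.

```php
<?php
// Added example. DB_TRUST_SERVER_CERTIFICATE and nami_build_sqlsrv_options()
// are hypothetical names, not existing Project Nami settings or functions.
//
// Opt-in line a site owner would add to wp-config.php:
//   define( 'DB_TRUST_SERVER_CERTIFICATE', true );

/**
 * Build the options array that db_connect() passes to sqlsrv_connect().
 * Replaces the two near-identical arrays with one code path.
 */
function nami_build_sqlsrv_options( $dbname, $dbuser, $dbpassword ) {
	$options = array(
		'Database'                 => $dbname,
		'UID'                      => $dbuser,
		'PWD'                      => $dbpassword,
		'ReturnDatesAsStrings'     => true,
		'MultipleActiveResultSets' => false,
	);

	// Same environment switch the existing code uses.
	if ( getenv( 'ProjectNami.UTF8' ) ) {
		$options['CharacterSet'] = 'UTF-8';
	}

	// Strict comparison: only boolean true disables validation, so a
	// string such as 'false' or '0' in wp-config.php cannot enable it.
	if ( defined( 'DB_TRUST_SERVER_CERTIFICATE' ) && true === DB_TRUST_SERVER_CERTIFICATE ) {
		$options['TrustServerCertificate'] = true;
		// Leave a trace so the weakened setting shows up in log review.
		error_log( 'sqlsrv: TrustServerCertificate is on; the server certificate is not validated.' );
	}

	return $options;
}

// In db_connect() the call would then become:
//   $this->dbh = sqlsrv_connect( $this->dbhost,
//       nami_build_sqlsrv_options( $this->dbname, $this->dbuser, $this->dbpassword ) );

// Constructed sample values; prints option names only, never the password.
$options = nami_build_sqlsrv_options( 'wordpress', 'wp_user', 'example-password' );
print_r( array_keys( $options ) );
```

Because the key is only added on opt-in, installs that do not define the constant keep the driver default of false mentioned in the first post.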
