update to return full path to used, additional secure setting

TheTechsTech · TheTechsTech · commit 4e38ef9c495c · 2019-03-13T22:30:58.000-04:00
diff --git a/lib/ez_sql_pdo.php b/lib/ez_sql_pdo.php
@@ -104,7 +104,11 @@ public static function securePDO(
     {
         if (\array_key_exists(\strtolower($vendor), \VENDOR) 
             && (! \file_exists($path.$cert) || ! \file_exists($path.$key)))
-            ezQuery::createCertificate();
+            $path = ezQuery::createCertificate();
+        elseif ($path == '.'.\_DS) {
+            $ssl_path = \getcwd();
+            $path = \preg_replace('/\\\/', \_DS, $ssl_path). \_DS;
+        }
 
         if (($vendor == 'pgsql') || ($vendor == 'postgresql')) {
             self::$secure = "sslmode=require;sslcert=".$path.$cert.";sslkey=".$path.$key.";sslrootcert=".$path.$ca.";";
@@ -114,7 +118,9 @@ public static function securePDO(
                 \PDO::MYSQL_ATTR_SSL_KEY => $path.$key,
                 \PDO::MYSQL_ATTR_SSL_CERT => $path.$cert,
                 \PDO::MYSQL_ATTR_SSL_CA => $path.$ca,
-                \PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false,
+                \PDO::MYSQL_ATTR_SSL_CAPATH => $path,
+                \PDO::MYSQL_ATTR_SSL_CIPHER => 'DHE-RSA-AES256-SHA',
+                \PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false
             );
         } elseif (($vendor == 'sqlserver') || ($vendor == 'mssql') || ($vendor == 'sqlsrv')) {
             self::$secure = ";Encrypt=true;TrustServerCertificate=true";
diff --git a/shared/ezQuery.php b/shared/ezQuery.php
@@ -53,6 +53,7 @@ public static function clean($string)
      *      "emailAddress" => ''
      *  ];
      * 
+     * @return string certificate path
      */
     public static function createCertificate(
         string $privatekeyFile = 'certificate.key', 
@@ -63,7 +64,7 @@ public static function createCertificate(
         array $details = ["commonName" => "localhost"]
     ) 
     {
-        if (empty($ssl_path) || ! \is_dir($ssl_path)) {
+        if (empty($ssl_path)) {
             $ssl_path = \getcwd();
             $ssl_path = \preg_replace('/\\\/', \_DS, $ssl_path). \_DS;
         } else
@@ -88,6 +89,8 @@ public static function createCertificate(
         
         // Create a signing request file 
         \openssl_csr_export_to_file($csr, $ssl_path.$signingFile);
+
+        return $ssl_path;
     }
 
     /**

Original file line number	Diff line number	Diff line change
`@@ -53,6 +53,7 @@ public static function clean($string)`
`53`	`53`	`* "emailAddress" => ''`
`54`	`54`	`* ];`
`55`	`55`	`*`
	`56`	`+ * @return string certificate path`
`56`	`57`	`*/`
`57`	`58`	`public static function createCertificate(`
`58`	`59`	`string $privatekeyFile = 'certificate.key',`
`@@ -63,7 +64,7 @@ public static function createCertificate(`
`63`	`64`	`array $details = ["commonName" => "localhost"]`
`64`	`65`	`)`
`65`	`66`	`{`
`66`		`- if (empty($ssl_path) \|\| ! \is_dir($ssl_path)) {`
	`67`	`+ if (empty($ssl_path)) {`
`67`	`68`	`$ssl_path = \getcwd();`
`68`	`69`	`$ssl_path = \preg_replace('/\\\/', \_DS, $ssl_path). \_DS;`
`69`	`70`	`} else`
`@@ -88,6 +89,8 @@ public static function createCertificate(`
`88`	`89`
`89`	`90`	`// Create a signing request file`
`90`	`91`	`\openssl_csr_export_to_file($csr, $ssl_path.$signingFile);`
	`92`	`+`
	`93`	`+ return $ssl_path;`
`91`	`94`	`}`
`92`	`95`
`93`	`96`	`/**`