
New isConnectionEncryptionSupported method #183

Merged
wilsonge merged 3 commits into joomla-framework:2.0-dev from andrepereiradasilva:is-encryption-supported
Sep 10, 2019

@andrepereiradasilva (Contributor) commented Aug 11, 2019

Summary of Changes

Continuing #177.
To check whether there is server-side support for TLS connections to the database, this PR adds a new method isConnectionEncryptionSupported to the MySQLi/PDO MySQL/PDO PostgreSQL drivers.

Testing Instructions

  1. Code review
  2. Use Joomla 4 latest + these changes
  3. Prepare your database server to support encrypted connections
For MySQLi / PDO MySQL - Add to /etc/my.cnf (replace, for instance, with your public HTTPS certificates/private key):
```ini
[mysqld]
; [...] more mysql/mariadb server configuration options
ssl        = 1
# certificate + intermediates (inline comments in my.cnf must start with #)
ssl_cert   = /etc/pki/tls/certs/fullchain.cer
ssl_ca     = /etc/pki/tls/certs/ca-bundle.crt
ssl_key    = /etc/pki/tls/private/yourdomain.key
ssl_cipher = kECDHE+aECDSA+AESGCM+AES128:kECDHE+aECDSA+AESGCM+AES256:kECDHE+aECDSA+AES128+SHA:kECDHE+aECDSA+AES256+SHA:kDHE+aECDSA+AES128:kDHE+aECDSA+AES256:kECDHE+aRSA+AESGCM+AES128:kECDHE+aRSA+AESGCM+AES256:kECDHE+aRSA+AES128+SHA:kECDHE+aRSA+AES256+SHA:kDHE+aRSA+AESGCM+AES128:kDHE+aRSA+AESGCM+AES256:kDHE+aRSA+AES128:kDHE+aRSA+AES256:kRSA+aRSA+AESGCM+AES128:kRSA+aRSA+AESGCM+AES256:kRSA+aRSA+AES128+SHA:kRSA+aRSA+AES256+SHA
```
  • Restart the server: systemctl restart mariadb (or systemctl restart mysqld)
For PostgreSQL - Add to /var/lib/pgsql/data/postgresql.conf (or /var/lib/pgsql/[VERSION]/data/postgresql.conf) (replace, for instance, with your public HTTPS certificates/private key):
```
ssl = on
ssl_ca_file = '/etc/pki/tls/certs/ca-bundle.crt'
ssl_cert_file = '/etc/pki/tls/certs/fullchain.cer' # certificate + intermediates
ssl_key_file = '/etc/pki/tls/private/yourdomain.key'
ssl_ciphers = 'kECDHE+aECDSA+AESGCM+AES128:kECDHE+aECDSA+AESGCM+AES256:kECDHE+aECDSA+AES128+SHA:kECDHE+aECDSA+AES256+SHA:kDHE+aECDSA+AES128:kDHE+aECDSA+AES256:kECDHE+aRSA+AESGCM+AES128:kECDHE+aRSA+AESGCM+AES256:kECDHE+aRSA+AES128+SHA:kECDHE+aRSA+AES256+SHA:kDHE+aRSA+AESGCM+AES128:kDHE+aRSA+AESGCM+AES256:kDHE+aRSA+AES128:kDHE+aRSA+AES256:kRSA+aRSA+AESGCM+AES128:kRSA+aRSA+AESGCM+AES256:kRSA+aRSA+AES128+SHA:kRSA+aRSA+AES256+SHA'
```
  • Restart the server: systemctl restart postgresql (or systemctl restart postgresql-[VERSION])
  4. Call the new method while enabling/disabling SSL on the server; if it is not available the method should give `false`, if available it should give `true`. Something like:

```php
echo $db->isConnectionEncryptionSupported();
```

Documentation Changes Required

None.

@richard67 this time I have set up a PostgreSQL database to test, but I'm still no expert in this.
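
A server that supports TLS can still accept plaintext sessions, so a check run alongside step 4 can also confirm that the current connection is encrypted. The following is an added example, not code from this PR or the Joomla Framework; it uses plain PDO, and the `DB_DSN`/`DB_USER`/`DB_PASS` environment variable names and the `probeTls`/`summarize` helpers are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not Joomla Framework code. Plain PDO; the env var names
// DB_DSN / DB_USER / DB_PASS are hypothetical.

/** Server-side TLS capability and the cipher of the current session. */
function probeTls(PDO $pdo): array
{
    $driver = $pdo->getAttribute(PDO::ATTR_DRIVER_NAME);

    if ($driver === 'mysql') {
        // Value column is YES when the server loaded its TLS material
        // (assumes a server that still exposes have_ssl, e.g. MySQL 5.7).
        $flag   = $pdo->query("SHOW VARIABLES LIKE 'have_ssl'")->fetch(PDO::FETCH_NUM);
        // Ssl_cipher is empty for an unencrypted session.
        $cipher = $pdo->query("SHOW SESSION STATUS LIKE 'Ssl_cipher'")->fetch(PDO::FETCH_NUM);
        return summarize(($flag[1] ?? '') === 'YES', (string) ($cipher[1] ?? ''));
    }
    if ($driver === 'pgsql') {
        $flag   = $pdo->query('SHOW ssl')->fetchColumn();
        // pg_stat_ssl.cipher is NULL when this backend's session is plaintext.
        $cipher = $pdo->query('SELECT cipher FROM pg_stat_ssl WHERE pid = pg_backend_pid()')->fetchColumn();
        return summarize($flag === 'on', (string) $cipher);
    }
    throw new InvalidArgumentException("Unsupported driver: $driver");
}

function summarize(bool $supported, string $cipher): array
{
    $encrypted = $cipher !== '';
    // Supported-but-plaintext is the case worth alerting on: the server can
    // do TLS, yet this client connected without it.
    $verdict = $encrypted ? 'encrypted' : ($supported ? 'plaintext-despite-support' : 'tls-unavailable');
    return compact('supported', 'encrypted', 'cipher', 'verdict');
}

if (getenv('DB_DSN') !== false) {
    $pdo = new PDO(getenv('DB_DSN'), getenv('DB_USER') ?: null, getenv('DB_PASS') ?: null,
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    print_r(probeTls($pdo));
} else {
    // Constructed values, used when no database is configured.
    print_r(summarize(true, ''));
    print_r(summarize(true, 'ECDHE-RSA-AES128-GCM-SHA256'));
}
```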

@richard67
Contributor

@andrepereiradasilva I'm also no PostgreSQL expert. I just have one for testing purposes. My database knowledge is based on Oracle.

@andrepereiradasilva
Contributor Author

andrepereiradasilva commented Aug 11, 2019

This is my first time installing PostgreSQL; I used the official yum repository https://yum.postgresql.org/repopackages.php#pg11 (CentOS 7, version 11).

The failing tests are not related to this PR; someone please restart the tests, if possible.

@richard67
Contributor

From code review and reading the MySQL and PostgreSQL docs, it looks good. Will find time to test by the weekend at the latest.

@richard67
Contributor

Test with PostgreSQL 10.10 (Ubuntu 10.10-0ubuntu0.18.04.1) successful. When it is switched off on the DB server, the value is false; when it is switched on, the value is true.

Will test soon on MySQL.

@richard67
Contributor

Test with MySQL 5.7.27-0ubuntu0.18.04.1 using MySQLi driver is also successful.

@richard67
Contributor

Finally, the test with MySQL 5.7.27-0ubuntu0.18.04.1 using the MySQL (PDO) driver is also successful.

@wilsonge wilsonge merged commit c5cd726 into joomla-framework:2.0-dev Sep 10, 2019
@wilsonge
Contributor

Thanks!
