From 85d5fc4228d2a5d35ff9f365e1d12f3e70fe65ba Mon Sep 17 00:00:00 2001 From: Michael Withagen Date: Fri, 6 Jun 2025 15:03:14 +0200 Subject: [PATCH 01/15] Add SSL flag --- src/Config_Command.php | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/src/Config_Command.php b/src/Config_Command.php index 5503f545..c6fcf461 100644 --- a/src/Config_Command.php +++ b/src/Config_Command.php @@ -166,6 +166,9 @@ private static function get_initial_locale() { * [--insecure] * : Retry API download without certificate validation if TLS handshake fails. Note: This makes the request vulnerable to a MITM attack. * + * [--ssl] + * : Enable SSL connection. + * * ## EXAMPLES * * # Standard wp-config.php file @@ -201,6 +204,7 @@ public function create( $_, $assoc_args ) { 'dbcollate' => '', 'locale' => self::get_initial_locale(), 'config-file' => rtrim( ABSPATH, '/\\' ) . '/wp-config.php', + 'ssl' => false, ]; $assoc_args = array_merge( $defaults, $assoc_args ); if ( empty( $assoc_args['dbprefix'] ) ) { @@ -226,12 +230,18 @@ public function create( $_, $assoc_args ) { $host = substr( $host, 0, $socket_pos ); } + $flags = 0; + + if ( $assoc_args['ssl'] ) { + $flags = MYSQLI_CLIENT_SSL; + } + if ( file_exists( $socket ) ) { // If dbhost is a path to a socket - mysqli_real_connect( $mysql, null, $assoc_args['dbuser'], $assoc_args['dbpass'], null, null, $socket ); + mysqli_real_connect( $mysql, null, $assoc_args['dbuser'], $assoc_args['dbpass'], null, null, $socket, $flags ); } else { // If dbhost is a hostname or IP address - mysqli_real_connect( $mysql, $host, $assoc_args['dbuser'], $assoc_args['dbpass'] ); + mysqli_real_connect( $mysql, $host, $assoc_args['dbuser'], $assoc_args['dbpass'], null, null, null, $flags ); } } catch ( mysqli_sql_exception $exception ) { WP_CLI::error( 'Database connection error (' . $exception->getCode() . ') ' . $exception->getMessage() ); From 606a34ef4fae52c1f6329212b17fad88a100c0a1 Mon Sep 17 00:00:00 2001 
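Review bot: The third hunk of PATCH 01/15 (`@@ -226,12 +230,18 @@`, inside `create()`) sets `$flags = MYSQLI_CLIENT_SSL;` but nothing visible supplies a CA or asks for peer verification, so the connection check may accept any server certificate. The link would then be encrypted but not authenticated, which is the same MITM exposure the neighbouring `--insecure` help text warns about. With mysqlnd, verification is, as far as I know, only switched on once `mysqli_ssl_set()` or `mysqli_options( $mysql, MYSQLI_OPT_SSL_VERIFY_SERVER_CERT, true );` has been called before `mysqli_real_connect()`; please confirm this against the supported PHP versions. At minimum the `[--ssl]` docblock from the first hunk should state the limit, e.g. `: Use TLS for the database connection check. The server certificate is not verified.` The body of `create()` starts and ends outside the hunk, so the setup of `$mysql` is not visible here.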
From: Michael Withagen Date: Fri, 25 Jul 2025 09:59:16 +0200 Subject: [PATCH 02/15] Add behat test creating user requiring ssl connection and creating a config --- features/config-create.feature | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/features/config-create.feature b/features/config-create.feature index bcbcf323..03cde962 100644 --- a/features/config-create.feature +++ b/features/config-create.feature @@ -293,3 +293,15 @@ Feature: Create a wp-config file PasswordWith'SingleQuotes' """ + @require-mysql + Scenario: Configure with required SSL connection + Given an empty directory + And WP files + And I run `MYSQL_PWD='{WP_CLI_TEST_DBROOTPASS}' mysql -u root -e "CREATE USER IF NOT EXISTS 'wp_cli_test_ssl'@'127.0.0.1' IDENTIFIED BY 'password2' REQUIRE SSL;"` + + When I try `wp config create --dbhost=127.0.0.1 --dbname=wp_cli_test --dbuser=wp_cli_test_ssl --dbpass=password2 --ssl` + Then the return code should be 0 + Then the wp-config.php file should contain: + """ + define( 'DB_USER', 'wp_cli_test_ssl' ) + """ From 3e71b2eb25702f2e8ec8a9cd4c4992bc44a51f4a Mon Sep 17 00:00:00 2001 From: Michael Withagen Date: Fri, 25 Jul 2025 10:04:25 +0200 Subject: [PATCH 03/15] Fix test --- features/config-create.feature | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/features/config-create.feature b/features/config-create.feature index d33f6e67..df854b26 100644 --- a/features/config-create.feature +++ b/features/config-create.feature @@ -251,7 +251,7 @@ Feature: Create a wp-config file When I try `wp config create --dbhost=127.0.0.1 --dbname=wp_cli_test --dbuser=wp_cli_test_ssl --dbpass=password2 --ssl` Then the return code should be 0 - Then the wp-config.php file should contain: + And the wp-config.php file should contain: """ define( 'DB_USER', 'wp_cli_test_ssl' ) """ From 78a85ada221f47761e61a367cfb448e6ef1d84c2 Mon Sep 17 00:00:00 2001 
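Review bot: The scenario added in PATCH 02/15 creates the account `wp_cli_test_ssl` with the fixed password `password2` via `CREATE USER IF NOT EXISTS` and never removes it, so each run leaves a login with a published password on whatever server the suite targets. Later revisions of the same step (PATCH 11/15 onward) widen the host part from `'127.0.0.1'` to `'%'`. A closing step that runs `DROP USER IF EXISTS 'wp_cli_test_ssl'@'127.0.0.1';` (with the host part matching the create step) would keep the fixture from outliving the test. The scenario also covers only the success path; a second `When I try` without `--ssl` that expects a non-zero return code would show that the flag, rather than the server's defaults, makes the connection succeed.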
From: Michael Withagen Date: Fri, 25 Jul 2025 10:19:52 +0200 Subject: [PATCH 04/15] Use different var for root pw --- features/config-create.feature | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/features/config-create.feature b/features/config-create.feature index df854b26..7b4a81ef 100644 --- a/features/config-create.feature +++ b/features/config-create.feature @@ -247,7 +247,7 @@ Feature: Create a wp-config file Scenario: Configure with required SSL connection Given an empty directory And WP files - And I run `MYSQL_PWD='{WP_CLI_TEST_DBROOTPASS}' mysql -u root -e "CREATE USER IF NOT EXISTS 'wp_cli_test_ssl'@'127.0.0.1' IDENTIFIED BY 'password2' REQUIRE SSL;"` + And I run `MYSQL_PWD='{DB_ROOT_PASSWORD}' mysql -u root -e "CREATE USER IF NOT EXISTS 'wp_cli_test_ssl'@'127.0.0.1' IDENTIFIED BY 'password2' REQUIRE SSL;"` When I try `wp config create --dbhost=127.0.0.1 --dbname=wp_cli_test --dbuser=wp_cli_test_ssl --dbpass=password2 --ssl` Then the return code should be 0 From ade7746e0a48f9403ce1869d0b6031806157b79b Mon Sep 17 00:00:00 2001 From: Michael Withagen Date: Fri, 25 Jul 2025 10:23:52 +0200 Subject: [PATCH 05/15] Add host to try and fix tests --- features/config-create.feature | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/features/config-create.feature b/features/config-create.feature index 7b4a81ef..95030290 100644 --- a/features/config-create.feature +++ b/features/config-create.feature 
@@ -247,7 +247,7 @@ Feature: Create a wp-config file Scenario: Configure with required SSL connection Given an empty directory And WP files - And I run `MYSQL_PWD='{DB_ROOT_PASSWORD}' mysql -u root -e "CREATE USER IF NOT EXISTS 'wp_cli_test_ssl'@'127.0.0.1' IDENTIFIED BY 'password2' REQUIRE SSL;"` + And I run `MYSQL_PWD='{DB_ROOT_PASSWORD}' mysql -u root -h {DB_HOST} -e "CREATE USER IF NOT EXISTS 'wp_cli_test_ssl'@'127.0.0.1' IDENTIFIED BY 'password2' REQUIRE SSL;"` When I try `wp config create --dbhost=127.0.0.1 --dbname=wp_cli_test --dbuser=wp_cli_test_ssl --dbpass=password2 --ssl` Then the return code should be 0 From 3e7d3093c097156bcd4d118b8d6944f788a1a968 Mon Sep 17 00:00:00 2001 From: Michael Withagen Date: Fri, 25 Jul 2025 10:29:58 +0200 Subject: [PATCH 06/15] retry with different var --- features/config-create.feature | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/features/config-create.feature b/features/config-create.feature index 95030290..0e63e4cd 100644 --- a/features/config-create.feature +++ b/features/config-create.feature @@ -247,7 +247,7 @@ Feature: Create a wp-config file Scenario: Configure with required SSL connection Given an empty directory And WP files - And I run `MYSQL_PWD='{DB_ROOT_PASSWORD}' mysql -u root -h {DB_HOST} -e "CREATE USER IF NOT EXISTS 'wp_cli_test_ssl'@'127.0.0.1' IDENTIFIED BY 'password2' REQUIRE SSL;"` + And I run `MYSQL_PWD='{DB_ROOT_PASSWORD}' mysql -u root -h {MYSQL_HOST} -e "CREATE USER IF NOT EXISTS 'wp_cli_test_ssl'@'127.0.0.1' IDENTIFIED BY 'password2' REQUIRE SSL;"` When I try `wp config create --dbhost=127.0.0.1 --dbname=wp_cli_test --dbuser=wp_cli_test_ssl --dbpass=password2 --ssl` Then the return code should be 0 From afbd6748c1a135fe247fe3bb2035025924951d82 Mon Sep 17 00:00:00 2001 From: Michael Withagen Date: Fri, 25 Jul 2025 10:33:03 +0200 Subject: [PATCH 07/15] Add port --- features/config-create.feature | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/features/config-create.feature b/features/config-create.feature index 0e63e4cd..b2f37099 100644 --- a/features/config-create.feature +++ b/features/config-create.feature @@ -247,7 +247,7 @@ Feature: Create a wp-config file Scenario: Configure with required SSL connection Given an empty directory And WP files - And I run `MYSQL_PWD='{DB_ROOT_PASSWORD}' mysql -u root -h {MYSQL_HOST} -e "CREATE USER IF NOT EXISTS 'wp_cli_test_ssl'@'127.0.0.1' IDENTIFIED BY 'password2' REQUIRE SSL;"` + And I run `MYSQL_PWD='{DB_ROOT_PASSWORD}' mysql -u root -h{MYSQL_HOST} -P{MYSQL_PORT} -e "CREATE USER IF NOT EXISTS 'wp_cli_test_ssl'@'127.0.0.1' IDENTIFIED BY 'password2' REQUIRE SSL;"` When I try `wp config create --dbhost=127.0.0.1 --dbname=wp_cli_test --dbuser=wp_cli_test_ssl --dbpass=password2 --ssl` Then the return code should be 0 From bae6126c189168dccc8be398137d8dce53171c57 Mon Sep 17 00:00:00 2001 From: Michael Withagen Date: Fri, 25 Jul 2025 10:57:27 +0200 Subject: [PATCH 08/15] Attempt to get test working for ancient mysql version --- features/config-create.feature | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/features/config-create.feature b/features/config-create.feature index b2f37099..19e6080a 100644 --- a/features/config-create.feature +++ b/features/config-create.feature 
@@ -247,7 +247,8 @@ Feature: Create a wp-config file Scenario: Configure with required SSL connection Given an empty directory And WP files - And I run `MYSQL_PWD='{DB_ROOT_PASSWORD}' mysql -u root -h{MYSQL_HOST} -P{MYSQL_PORT} -e "CREATE USER IF NOT EXISTS 'wp_cli_test_ssl'@'127.0.0.1' IDENTIFIED BY 'password2' REQUIRE SSL;"` + And I run `MYSQL_PWD='{DB_ROOT_PASSWORD}' mysql -u root -h{MYSQL_HOST} -P{MYSQL_PORT} -e "CREATE USER IF NOT EXISTS 'wp_cli_test_ssl'@'127.0.0.1' IDENTIFIED BY 'password2';"` + And I run `MYSQL_PWD='{DB_ROOT_PASSWORD}' mysql -u root -h{MYSQL_HOST} -P{MYSQL_PORT} -e "ALTER user 'wp_cli_test_ssl'@'127.0.0.1' REQUIRE SSL;"` When I try `wp config create --dbhost=127.0.0.1 --dbname=wp_cli_test --dbuser=wp_cli_test_ssl --dbpass=password2 --ssl` Then the return code should be 0 From 426606928401e64bbd877fabee0799af47338aae Mon Sep 17 00:00:00 2001 From: Michael Withagen Date: Fri, 25 Jul 2025 11:11:14 +0200 Subject: [PATCH 09/15] Update mysql syntax to try and make it compatible with mysql 5.6 --- features/config-create.feature | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/features/config-create.feature b/features/config-create.feature index 19e6080a..bc983b8b 100644 --- a/features/config-create.feature +++ b/features/config-create.feature 
@@ -247,8 +247,9 @@ Feature: Create a wp-config file Scenario: Configure with required SSL connection Given an empty directory And WP files - And I run `MYSQL_PWD='{DB_ROOT_PASSWORD}' mysql -u root -h{MYSQL_HOST} -P{MYSQL_PORT} -e "CREATE USER IF NOT EXISTS 'wp_cli_test_ssl'@'127.0.0.1' IDENTIFIED BY 'password2';"` - And I run `MYSQL_PWD='{DB_ROOT_PASSWORD}' mysql -u root -h{MYSQL_HOST} -P{MYSQL_PORT} -e "ALTER user 'wp_cli_test_ssl'@'127.0.0.1' REQUIRE SSL;"` + And I run `MYSQL_PWD='{DB_ROOT_PASSWORD}' MYSQL_HOST='{MYSQL_HOST}' MYSQL_TCP_PORT='{MYSQL_PORT}' mysql -u root -e "CREATE USER IF NOT EXISTS 'wp_cli_test_ssl'@'127.0.0.1';"` + And I run `MYSQL_PWD='{DB_ROOT_PASSWORD}' MYSQL_HOST='{MYSQL_HOST}' MYSQL_TCP_PORT='{MYSQL_PORT}' mysql -u root -e "SET PASSWORD FOR 'wp_cli_test_ssl'@'127.0.0.1' = 'password2';"` + And I run `MYSQL_PWD='{DB_ROOT_PASSWORD}' MYSQL_HOST='{MYSQL_HOST}' MYSQL_TCP_PORT='{MYSQL_PORT}' mysql -u root -e "ALTER user 'wp_cli_test_ssl'@'127.0.0.1' REQUIRE SSL;"` When I try `wp config create --dbhost=127.0.0.1 --dbname=wp_cli_test --dbuser=wp_cli_test_ssl --dbpass=password2 --ssl` Then the return code should be 0 From b15e3beb7137801e36825f0650c5b1be46a6bc1e Mon Sep 17 00:00:00 2001 From: Michael Withagen Date: Fri, 25 Jul 2025 11:18:28 +0200 Subject: [PATCH 10/15] Swap run with try so it doesnt fail locally if the user exists --- features/config-create.feature | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/features/config-create.feature b/features/config-create.feature index bc983b8b..6ee0571f 100644 --- a/features/config-create.feature +++ b/features/config-create.feature 
@@ -247,9 +247,7 @@ Feature: Create a wp-config file Scenario: Configure with required SSL connection Given an empty directory And WP files - And I run `MYSQL_PWD='{DB_ROOT_PASSWORD}' MYSQL_HOST='{MYSQL_HOST}' MYSQL_TCP_PORT='{MYSQL_PORT}' mysql -u root -e "CREATE USER IF NOT EXISTS 'wp_cli_test_ssl'@'127.0.0.1';"` - And I run `MYSQL_PWD='{DB_ROOT_PASSWORD}' MYSQL_HOST='{MYSQL_HOST}' MYSQL_TCP_PORT='{MYSQL_PORT}' mysql -u root -e "SET PASSWORD FOR 'wp_cli_test_ssl'@'127.0.0.1' = 'password2';"` - And I run `MYSQL_PWD='{DB_ROOT_PASSWORD}' MYSQL_HOST='{MYSQL_HOST}' MYSQL_TCP_PORT='{MYSQL_PORT}' mysql -u root -e "ALTER user 'wp_cli_test_ssl'@'127.0.0.1' REQUIRE SSL;"` + And I try `MYSQL_PWD='{DB_ROOT_PASSWORD}' MYSQL_HOST='{MYSQL_HOST}' MYSQL_TCP_PORT='{MYSQL_PORT}' mysql -u root -e "CREATE USER 'wp_cli_test_ssl'@'127.0.0.1' IDENTIFIED BY 'password2' REQUIRE SSL;"` When I try `wp config create --dbhost=127.0.0.1 --dbname=wp_cli_test --dbuser=wp_cli_test_ssl --dbpass=password2 --ssl` Then the return code should be 0 From db853e7210b4c51cffe712a83b1772d4b31c8cae Mon Sep 17 00:00:00 2001 From: Michael Withagen Date: Fri, 25 Jul 2025 11:26:55 +0200 Subject: [PATCH 11/15] Update host for user --- features/config-create.feature | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/features/config-create.feature b/features/config-create.feature index 6ee0571f..300a4e90 100644 --- a/features/config-create.feature +++ b/features/config-create.feature 
@@ -247,7 +247,7 @@ Feature: Create a wp-config file Scenario: Configure with required SSL connection Given an empty directory And WP files - And I try `MYSQL_PWD='{DB_ROOT_PASSWORD}' MYSQL_HOST='{MYSQL_HOST}' MYSQL_TCP_PORT='{MYSQL_PORT}' mysql -u root -e "CREATE USER 'wp_cli_test_ssl'@'127.0.0.1' IDENTIFIED BY 'password2' REQUIRE SSL;"` + And I try `MYSQL_PWD='{DB_ROOT_PASSWORD}' MYSQL_HOST='{MYSQL_HOST}' MYSQL_TCP_PORT='{MYSQL_PORT}' mysql -u root -e "CREATE USER 'wp_cli_test_ssl'@'%' IDENTIFIED BY 'password2' REQUIRE SSL;"` When I try `wp config create --dbhost=127.0.0.1 --dbname=wp_cli_test --dbuser=wp_cli_test_ssl --dbpass=password2 --ssl` Then the return code should be 0 From cf5db36f37680eaf97e10eae70dda9ee24671c96 Mon Sep 17 00:00:00 2001 From: Michael Withagen Date: Mon, 28 Jul 2025 10:02:51 +0200 Subject: [PATCH 12/15] Limit test to mysql 5.7 and up due to SQL syntax --- features/config-create.feature | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/features/config-create.feature b/features/config-create.feature index 300a4e90..0e4e3ac7 100644 --- a/features/config-create.feature +++ b/features/config-create.feature @@ -243,11 +243,11 @@ Feature: Create a wp-config file PasswordWith'SingleQuotes' """ - @require-mysql + @require-mysql-5.7 Scenario: Configure with required SSL connection Given an empty directory And WP files - And I try `MYSQL_PWD='{DB_ROOT_PASSWORD}' MYSQL_HOST='{MYSQL_HOST}' MYSQL_TCP_PORT='{MYSQL_PORT}' mysql -u root -e "CREATE USER 'wp_cli_test_ssl'@'%' IDENTIFIED BY 'password2' REQUIRE SSL;"` + And I run `MYSQL_PWD='{DB_ROOT_PASSWORD}' MYSQL_HOST='{MYSQL_HOST}' MYSQL_TCP_PORT='{MYSQL_PORT}' mysql -u root -e "CREATE USER IF NOT EXISTS 'wp_cli_test_ssl'@'%' IDENTIFIED BY 'password2' REQUIRE SSL;"` When I try `wp config create --dbhost=127.0.0.1 --dbname=wp_cli_test --dbuser=wp_cli_test_ssl --dbpass=password2 --ssl` Then the return code should be 0 
From b27a45a179acaeb3d254263b2baac91a58be65f7 Mon Sep 17 00:00:00 2001 From: Michael Withagen Date: Mon, 28 Jul 2025 10:12:29 +0200 Subject: [PATCH 13/15] Add check for mariadb --- features/config-create.feature | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/features/config-create.feature b/features/config-create.feature index 0e4e3ac7..3285cd8f 100644 --- a/features/config-create.feature +++ b/features/config-create.feature @@ -247,7 +247,7 @@ Feature: Create a wp-config file Scenario: Configure with required SSL connection Given an empty directory And WP files - And I run `MYSQL_PWD='{DB_ROOT_PASSWORD}' MYSQL_HOST='{MYSQL_HOST}' MYSQL_TCP_PORT='{MYSQL_PORT}' mysql -u root -e "CREATE USER IF NOT EXISTS 'wp_cli_test_ssl'@'%' IDENTIFIED BY 'password2' REQUIRE SSL;"` + And I run `MYSQL_PWD='{DB_ROOT_PASSWORD}' MYSQL_HOST='{MYSQL_HOST}' MYSQL_TCP_PORT='{MYSQL_PORT}' mariadb || mysql -u root -e "CREATE USER IF NOT EXISTS 'wp_cli_test_ssl'@'%' IDENTIFIED BY 'password2' REQUIRE SSL;"` When I try `wp config create --dbhost=127.0.0.1 --dbname=wp_cli_test --dbuser=wp_cli_test_ssl --dbpass=password2 --ssl` Then the return code should be 0 From c26491ec7e43579f287168f7aeeadddd8bc3e27b Mon Sep 17 00:00:00 2001 From: Michael Withagen Date: Mon, 28 Jul 2025 10:25:58 +0200 Subject: [PATCH 14/15] Add require mysql to exclude sql lite --- features/config-create.feature | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/features/config-create.feature b/features/config-create.feature index 3285cd8f..536f1859 100644 --- a/features/config-create.feature +++ b/features/config-create.feature 
@@ -243,11 +243,11 @@ Feature: Create a wp-config file PasswordWith'SingleQuotes' """ - @require-mysql-5.7 + @require-mysql @require-mysql-5.7 Scenario: Configure with required SSL connection Given an empty directory And WP files - And I run `MYSQL_PWD='{DB_ROOT_PASSWORD}' MYSQL_HOST='{MYSQL_HOST}' MYSQL_TCP_PORT='{MYSQL_PORT}' mariadb || mysql -u root -e "CREATE USER IF NOT EXISTS 'wp_cli_test_ssl'@'%' IDENTIFIED BY 'password2' REQUIRE SSL;"` + And I run `MYSQL_PWD='{DB_ROOT_PASSWORD}' MYSQL_HOST='{MYSQL_HOST}' MYSQL_TCP_PORT='{MYSQL_PORT}' mysql -u root -e "CREATE USER IF NOT EXISTS 'wp_cli_test_ssl'@'%' IDENTIFIED BY 'password2' REQUIRE SSL;"` When I try `wp config create --dbhost=127.0.0.1 --dbname=wp_cli_test --dbuser=wp_cli_test_ssl --dbpass=password2 --ssl` Then the return code should be 0 From 9f3e3677a4ace87d73c8b2ba5e462825d7ebfe12 Mon Sep 17 00:00:00 2001 From: Pascal Birchler Date: Mon, 28 Jul 2025 11:38:12 +0200 Subject: [PATCH 15/15] Adjust docs --- src/Config_Command.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Config_Command.php b/src/Config_Command.php index 3f91565a..5b76aba0 100644 --- a/src/Config_Command.php +++ b/src/Config_Command.php @@ -167,7 +167,7 @@ private static function get_initial_locale() { * : Retry API download without certificate validation if TLS handshake fails. Note: This makes the request vulnerable to a MITM attack. * * [--ssl] - * : Enable SSL connection. + * : Use SSL when checking the database connection. * * ## EXAMPLES *
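Review bot: The reworded `[--ssl]` help in PATCH 15/15 limits the flag to the connection check but does not say what that means for the generated file. None of the visible hunks write a TLS setting into wp-config.php, so a site whose database user is `REQUIRE SSL` would presumably pass `wp config create --ssl` and then fail to connect at runtime. If that scope is intended, I would add a docblock line such as `Does not add MYSQL_CLIENT_FLAGS to the generated wp-config.php.` The docblock continues outside the hunk.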