(dev/core#1926) MySQL SSL - Fixes for Backdrop, Drupal 7, Standalone #31912

Merged (2 commits) on Jan 31, 2025

@totten (Member) commented Jan 30, 2025

Overview

This addresses a connectivity issue where MySQL-SSL may not work in some environments/call-paths.

(This is an off-shoot from https://lab.civicrm.org/dev/core/-/issues/1926.)

Before

  • In testing for https://lab.civicrm.org/dev/core/-/issues/1926, we found this scenario fails:
    • Install Drupal 7 with MySQL SSL
    • Install CiviCRM on the same database
    • Configure MySQL to strictly require SSL. (set global require_secure_transport = 1;)
    • Run bin/cron.php?name=...&pass=...&key=... via HTTP.
  • After grepping for the DB::connect() code pattern, it appears the same problem would also affect Backdrop's cron.php and Standalone's session-handler.

After

All three of these should work with MySQL-SSL. (Specifically, I've tested D7 cron.)

Technical Details

The clearest way to understand the problem is to consider: How do you issue a PHP call to connect to the database? This has evolved over various releases of CiviCRM:

  • Originally, to connect to MySQL, you simply call DB::connect() with a connection string ($dsn), e.g.
    $db = DB::connect($dsn);
  • Several years later, changes in upstream PHP compelled a transition. Live deployments had $dsn strings using a mix of mysql:// (deprecated) and mysqli:// (maintained) drivers, but we needed all of them to start using the mysqli:// driver. So the idiom changed:
    $dsn = CRM_Utils_SQL::autoSwitchDSN($dsn);
    $db = DB::connect($dsn);
  • Several years after that, the idiom changed again to support SSL. Specifically, if the $dsn involves SSL, then DB::connect() requires an extra hint.
    $dsn = CRM_Utils_SQL::autoSwitchDSN($dsn);
    $options = CRM_Utils_SQL::isSSLDSN($dsn) ? ['ssl' => TRUE] : [];
    $db = DB::connect($dsn, $options);

If DB::connect() were called in a single spot, then this evolution would be simple. However, in reality, there are several places which use DB::connect(). And all of them needed these updates.

But several of them are harder to see, so they've been addressed in whack-a-mole fashion. This PR does a little refactoring to ensure that they all work the same.
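
An added example (not part of the PR or of CiviCRM) that automates the "grep for the DB::connect() pattern" step from the description: it scans PHP source and reports every DB::connect() call that passes no options argument, which covers the first two idioms above. The function names and the sample input are constructed for illustration; a call that does pass a second argument still needs a manual look to confirm the SSL hint is set.

```python
import re

# PEAR's DB::connect( only; CRM_Utils_SQL::connect( and Foo_DB::connect( do not match.
CALL = re.compile(r"(?<![\w$])DB::connect\s*\(")

def split_args(src, start):
    """Split the argument list that begins at src[start], just after the '('."""
    args, cur, depth, quote, i = [], [], 0, None, start
    while i < len(src):
        ch = src[i]
        if quote:                      # inside a PHP string literal
            cur.append(ch)
            if ch == "\\" and i + 1 < len(src):
                i += 1
                cur.append(src[i])     # keep the escaped character as-is
            elif ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
            cur.append(ch)
        elif ch in ")]}" and depth == 0:
            break                      # closing paren of the connect() call
        elif ch == "," and depth == 0:
            args.append("".join(cur).strip())
            cur = []
        else:
            depth += (ch in "([{") - (ch in ")]}")
            cur.append(ch)
        i += 1
    if "".join(cur).strip():
        args.append("".join(cur).strip())
    return args

def find_bare_connects(php_source):
    """Return (line_number, args) for each DB::connect() call lacking an options argument."""
    hits = []
    for m in CALL.finditer(php_source):
        args = split_args(php_source, m.end())
        if len(args) < 2:
            hits.append((php_source.count("\n", 0, m.start()) + 1, args))
    return hits

# Constructed sample (not CiviCRM source) mixing the idioms from the description.
SAMPLE = """<?php
$db = DB::connect($dsn);
$dsn = CRM_Utils_SQL::autoSwitchDSN($dsn);
$db2 = DB::connect($dsn);
$options = CRM_Utils_SQL::isSSLDSN($dsn) ? ['ssl' => TRUE] : [];
$db3 = DB::connect($dsn, $options);
$db4 = DB::connect(str_replace(',', ';', $dsn));
$db5 = CRM_Utils_SQL::connect($dsn);
"""

if __name__ == "__main__":
    for line, args in find_bare_connects(SAMPLE):
        print(f"line {line}: DB::connect({', '.join(args)}) has no options argument")
```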

civibot bot commented Jan 30, 2025

🤖 Thank you for contributing to CiviCRM! ❤️ We will need to test and review this PR. 👷

Introduction for new contributors...
  • If this is your first PR, an admin will greenlight automated testing with the command ok to test or add to whitelist.
  • A series of tests will automatically run. You can see the results at the bottom of this page (if there are any problems, it will include a link to see what went wrong).
  • A demo site will be built where anyone can try out a version of CiviCRM that includes your changes.
  • If this process needs to be repeated, an admin will issue the command test this please to rerun tests and build a new demo site.
  • Before this PR can be merged, it needs to be reviewed. Please keep in mind that reviewers are volunteers, and their response time can vary from a few hours to a few weeks depending on their availability and their knowledge of this particular part of CiviCRM.
  • A great way to speed up this process is to "trade reviews" with someone - find an open PR that you feel able to review, and leave a comment like "I'm reviewing this now, could you please review mine?" (include a link to yours). You don't have to wait for a response to get started (and you don't have to stop at one!) the more you review, the faster this process goes for everyone 😄
  • To ensure that you are credited properly in the final release notes, please add yourself to contributor-key.yml
  • For more information about contributing, see CONTRIBUTING.md.
Quick links for reviewers...

➡️ Online demo of this PR 🔗

@civibot civibot bot added the master label Jan 30, 2025
@totten totten changed the title from "MySQL SSL - Fixes for Backdrop, Drupal 7, Standalone" to "(dev/core#1926) MySQL SSL - Fixes for Backdrop, Drupal 7, Standalone" Jan 31, 2025
@totten totten force-pushed the mysql-ssl-dbconnect branch from 8bd216a to b566b61 Compare January 31, 2025 00:02
@@ -313,9 +313,10 @@ public function authenticate($name, $password, $loadCMSBootstrap = FALSE, $realP

$config = CRM_Core_Config::singleton();

$ufDSN = CRM_Utils_SQL::autoSwitchDSN($config->userFrameworkDSN);
$ufDSN = $config->userFrameworkDSN;
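
Review bot: On the `$ufDSN = $config->userFrameworkDSN;` line, `$ufDSN` now holds the raw configured DSN, and per the author's note below the same variable is interpolated into the "Cannot connect" exception message. A DSN of this kind normally carries the database username and password, so I'd suggest redacting the credentials before building that message rather than embedding the full string. Since the `autoSwitchDSN()` call disappears from this call site, a one-line comment stating that driver switching and the SSL hint are now expected from `CRM_Utils_SQL::connect()` would also help the next reader.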
Member Author

N.B. This variable ($ufDSN) is only used for two things: DB::connect($ufDSN) and new Exception("Cannot connect...$ufDSN...").

The error message may look slightly different, but it's not a meaningful difference.

What is meaningful is that DB::connect() is replaced by CRM_Utils_SQL::connect(), which behaves more reliably.

@totten totten force-pushed the mysql-ssl-dbconnect branch from b566b61 to f8717af Compare January 31, 2025 03:41
@seamuslee001
Contributor

This seems sensible to me, merging.

@seamuslee001 seamuslee001 merged commit 08bee84 into civicrm:master Jan 31, 2025
1 check passed
@totten totten deleted the mysql-ssl-dbconnect branch January 31, 2025 23:00