Skip to content
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
19 changes: 13 additions & 6 deletions plugins/login-akeyless-ssl.php
Original file line number Diff line number Diff line change
Expand Up @@ -4,11 +4,23 @@ class AdminerAkeylessLoginSsl extends Adminer\Plugin {
function connectSsl() {
$auth = (isset($_POST["auth"]) && is_array($_POST["auth"]) ? $_POST["auth"] : array());
$sslMode = (isset($auth["ssl_mode"]) ? trim((string) $auth["ssl_mode"]) : "");
$driver = $this->currentDriver($auth);

// msodbcsql18 defaults an unset Encrypt to mandatory TLS with certificate
// validation, which breaks the default (no-SSL) path that connected plaintext
// under msodbcsql17. Always encrypt in transit; validate the server certificate
// only when the user opts into SSL mode, so existing connections stay reachable.
if ($driver == "mssql") {
return array(
"Encrypt" => true,
"TrustServerCertificate" => ($sslMode == ""),
);
}

if ($sslMode == "") {
return null;
}

$driver = $this->currentDriver($auth);
switch ($driver) {
case "pgsql":
case "postgres":
Expand All @@ -28,11 +40,6 @@ function connectSsl() {
"ca" => $ca,
"verify" => true,
);
case "mssql":
return array(
"Encrypt" => true,
"TrustServerCertificate" => false,
);
}

return null;
Expand Down
Loading