authormyuzhobcplidtkieno <62526817+myuzhobcplidtkieno@users.noreply.github.com>2020-04-08 08:08:28 +1200
committerShauren <shauren.trinity@gmail.com>2022-01-01 01:07:52 +0100
commitde5f7ededeb7fdf87c7218196e611b6a9df225df (patch)
tree1714f64910f1f844256edf46708cdb4f5090e847
parentd0e1794d995666ec6dd4995c481327264399d340 (diff)
Added the ability to use TLS when connecting to a database. (#24348)
* Added the ability to use TLS when connecting to a database. * Trying to kickstart CI checks * Revert the kickstart change Co-authored-by: myuzhobcplidtkieno <myuzhobcplidtkieno@github.com> Co-authored-by: Giacomo Pozzoni <giacomopoz@gmail.com> (cherry picked from commit ae553f89664a4baade80020856c9ff66323de963)
-rw-r--r--src/server/bnetserver/bnetserver.conf.dist5
-rw-r--r--src/server/database/Database/MySQLConnection.cpp15
-rw-r--r--src/server/database/Database/MySQLConnection.h1
-rw-r--r--src/server/database/Updater/DBUpdater.cpp10
-rw-r--r--src/server/database/Updater/DBUpdater.h3
-rw-r--r--src/server/worldserver/worldserver.conf.dist4
6 files changed, 31 insertions, 7 deletions
diff --git a/src/server/bnetserver/bnetserver.conf.dist b/src/server/bnetserver/bnetserver.conf.dist
index 37e92682429..9f0c7648030 100644
--- a/src/server/bnetserver/bnetserver.conf.dist
+++ b/src/server/bnetserver/bnetserver.conf.dist
@@ -215,13 +215,16 @@ IPLocationFile = ""
#
# LoginDatabaseInfo
# Description: Database connection settings for the realm server.
-# Example: "hostname;port;username;password;database"
+# Example: "hostname;port;username;password;database;ssl"
# ".;some_number;username;password;database" - (Use named pipes on Windows
# "enable-named-pipe" to [mysqld]
# section my.ini)
# ".;/path/to/unix_socket;username;password;database" - (use Unix sockets on
# Unix/Linux)
# Default: "127.0.0.1;3306;trinity;trinity;auth"
+#
+# The SSL option will enable TLS when connecting to the specified database. If not provided or
+# any value other than 'ssl' is set, TLS will not be used.
LoginDatabaseInfo = "127.0.0.1;3306;trinity;trinity;auth"
diff --git a/src/server/database/Database/MySQLConnection.cpp b/src/server/database/Database/MySQLConnection.cpp
index c197850ba11..acb96fa5d71 100644
--- a/src/server/database/Database/MySQLConnection.cpp
+++ b/src/server/database/Database/MySQLConnection.cpp
@@ -34,7 +34,7 @@ MySQLConnectionInfo::MySQLConnectionInfo(std::string const& infoString)
{
Tokenizer tokens(infoString, ';');
- if (tokens.size() != 5)
+ if (tokens.size() != 5 && tokens.size() != 6)
return;
uint8 i = 0;
@@ -44,6 +44,9 @@ MySQLConnectionInfo::MySQLConnectionInfo(std::string const& infoString)
user.assign(tokens[i++]);
password.assign(tokens[i++]);
database.assign(tokens[i++]);
+
+ if (tokens.size() == 6)
+ ssl.assign(tokens[i++]);
}
MySQLConnection::MySQLConnection(MySQLConnectionInfo& connInfo) :
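Review bot: The sixth token is stored verbatim by `ssl.assign(tokens[i++]);` with no validation, while the check added in Open() enables TLS only for the exact string `ssl`. A value such as `SSL`, `tls`, or `ssl` followed by a stray space therefore produces an unencrypted connection with no diagnostic, which is easy to miss in a hand-edited config line. Validate the token here and log or reject anything that is neither empty nor `ssl`, or parse it once into a boolean member instead of passing the raw string around. The constructor body starts before this hunk.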
@@ -129,6 +132,16 @@ uint32 MySQLConnection::Open()
}
#endif
+ if (m_connectionInfo.ssl != "")
+ {
+ my_bool opt_use_ssl = false;
+ if (m_connectionInfo.ssl == "ssl")
+ {
+ opt_use_ssl = true;
+ }
+ mysql_options(mysqlInit, MYSQL_OPT_SSL_ENFORCE, (char const*)&opt_use_ssl);
+ }
+
m_Mysql = reinterpret_cast<MySQLHandle*>(mysql_real_connect(mysqlInit, m_connectionInfo.host.c_str(), m_connectionInfo.user.c_str(),
m_connectionInfo.password.c_str(), m_connectionInfo.database.c_str(), port, unix_socket, 0));
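Review bot: Setting `MYSQL_OPT_SSL_ENFORCE` requests encryption but does not authenticate the server. No CA file (`MYSQL_OPT_SSL_CA`) or certificate verification option is set in this hunk, so the link is encrypted to whichever endpoint answers on that host and port. The return value of `mysql_options` is also discarded, so a client library that rejects the option goes unnoticed before `mysql_real_connect` runs. Check it and abort the open on failure, e.g. `if (mysql_options(mysqlInit, MYSQL_OPT_SSL_ENFORCE, (char const*)&opt_use_ssl) != 0)`, then return an error. `MYSQL_OPT_SSL_ENFORCE` and `my_bool` appear to be specific to older client libraries (newer MySQL clients use `MYSQL_OPT_SSL_MODE`), so a version guard may be needed. Open() starts and ends outside the hunk.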
diff --git a/src/server/database/Database/MySQLConnection.h b/src/server/database/Database/MySQLConnection.h
index e4368db44ba..ea41ce3e0aa 100644
--- a/src/server/database/Database/MySQLConnection.h
+++ b/src/server/database/Database/MySQLConnection.h
@@ -49,6 +49,7 @@ struct TC_DATABASE_API MySQLConnectionInfo
std::string database;
std::string host;
std::string port_or_socket;
+ std::string ssl;
};
class TC_DATABASE_API MySQLConnection
diff --git a/src/server/database/Updater/DBUpdater.cpp b/src/server/database/Updater/DBUpdater.cpp
index d0ddfcaf9ab..61b82e91099 100644
--- a/src/server/database/Updater/DBUpdater.cpp
+++ b/src/server/database/Updater/DBUpdater.cpp
@@ -220,7 +220,7 @@ bool DBUpdater<T>::Create(DatabaseWorkerPool<T>& pool)
try
{
DBUpdater<T>::ApplyFile(pool, pool.GetConnectionInfo()->host, pool.GetConnectionInfo()->user, pool.GetConnectionInfo()->password,
- pool.GetConnectionInfo()->port_or_socket, "", temp);
+ pool.GetConnectionInfo()->port_or_socket, "", pool.GetConnectionInfo()->ssl, temp);
}
catch (UpdateException&)
{
@@ -355,12 +355,13 @@ template<class T>
void DBUpdater<T>::ApplyFile(DatabaseWorkerPool<T>& pool, Path const& path)
{
DBUpdater<T>::ApplyFile(pool, pool.GetConnectionInfo()->host, pool.GetConnectionInfo()->user, pool.GetConnectionInfo()->password,
- pool.GetConnectionInfo()->port_or_socket, pool.GetConnectionInfo()->database, path);
+ pool.GetConnectionInfo()->port_or_socket, pool.GetConnectionInfo()->database, pool.GetConnectionInfo()->ssl, path);
}
template<class T>
void DBUpdater<T>::ApplyFile(DatabaseWorkerPool<T>& pool, std::string const& host, std::string const& user,
- std::string const& password, std::string const& port_or_socket, std::string const& database, Path const& path)
+ std::string const& password, std::string const& port_or_socket, std::string const& database, std::string const& ssl,
+ Path const& path)
{
std::vector<std::string> args;
args.reserve(8);
@@ -404,6 +405,9 @@ void DBUpdater<T>::ApplyFile(DatabaseWorkerPool<T>& pool, std::string const& hos
// Set max allowed packet to 1 GB
args.push_back("--max-allowed-packet=1GB");
+ if (ssl == "ssl")
+ args.push_back("--ssl");
+
// Database
if (!database.empty())
args.push_back(database);
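Review bot: The `--ssl` argument added at `args.push_back("--ssl");` is passed to an external client binary, and its meaning depends on which client is installed. Depending on the vendor and version, the flag may require TLS, merely permit it, or be rejected as unknown; in my understanding newer MySQL clients expect `--ssl-mode=REQUIRED` instead. The updater could therefore fail, or run update files over a weaker channel than the one Open() negotiates for the same `ssl` setting. Neither path asks for server certificate verification, so it is worth documenting next to this line that the option provides encryption only, e.g. `// TLS is requested but the server certificate is not verified`. ApplyFile's body starts and ends outside the hunk.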
diff --git a/src/server/database/Updater/DBUpdater.h b/src/server/database/Updater/DBUpdater.h
index 6bb052b36ce..691777e39e0 100644
--- a/src/server/database/Updater/DBUpdater.h
+++ b/src/server/database/Updater/DBUpdater.h
@@ -89,7 +89,8 @@ private:
static void Apply(DatabaseWorkerPool<T>& pool, std::string const& query);
static void ApplyFile(DatabaseWorkerPool<T>& pool, Path const& path);
static void ApplyFile(DatabaseWorkerPool<T>& pool, std::string const& host, std::string const& user,
- std::string const& password, std::string const& port_or_socket, std::string const& database, Path const& path);
+ std::string const& password, std::string const& port_or_socket, std::string const& database, std::string const& ssl,
+ Path const& path);
};
#endif // DBUpdater_h__
diff --git a/src/server/worldserver/worldserver.conf.dist b/src/server/worldserver/worldserver.conf.dist
index 8e2c0cb143d..945c2375c10 100644
--- a/src/server/worldserver/worldserver.conf.dist
+++ b/src/server/worldserver/worldserver.conf.dist
@@ -93,7 +93,7 @@ LogsDir = ""
# CharacterDatabaseInfo
# HotfixDatabaseInfo
# Description: Database connection settings for the world server.
-# Example: "hostname;port;username;password;database"
+# Example: "hostname;port;username;password;database;ssl"
# ".;some_number;username;password;database" - (Use named pipes on Windows
# "enable-named-pipe" to [mysqld]
# section my.ini)
@@ -109,6 +109,8 @@ LogsDir = ""
# search for TCE00016 on forum.
# Don't open port on firewall to external connections (it belongs to MySQL, not to wow server).
# The username you choose must have permissions to create/alter/rename tables.
+# The SSL option will enable TLS when connecting to the specified database. If not provided or
+# any value other than 'ssl' is set, TLS will not be used.
LoginDatabaseInfo = "127.0.0.1;3306;trinity;trinity;auth"
WorldDatabaseInfo = "127.0.0.1;3306;trinity;trinity;world"