Hi there,
How does this break MailPoet exactly? Do you see any error in specific?
MailPoet is unable to connect to the MySQL database when require ssl is configured for the user.
Hi again @chaplina 👋🏽
Do you have any error message, log, or screenshot that you can share with us? I would be glad to review this further with that info.
Cheers
The error displayed in the site using MailPoet is the “Unable to connect to the database…” message.
Since MailPoet does not use the wpdb API to connect to the database, it will need to somehow recognize the SSL config associated with the database connection for WordPress.
The line in our wp-config.php that enforces SSL is:
define(‘MYSQL_CLIENT_FLAGS’,MYSQLI_CLIENT_SSL|MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT);
Hi there @chaplina,
Thank you for your patience while we’ve been looking into this!
I checked with our developers and confirmed that MailPoet doesn’t support SSL connections to the database.
You can try the following workaround but this is not something we can help you with: https://www.simonjanvier.com/developpement/805-setup-mailpoet-with-a-remote-ssl-database-connexion.
As a long-term goal, we plan to fully use the WordPress database connection but it will take some time to implement it. We have also logged your request as a suggested feature internally and we will evaluate the number of requests coming about it.
I hope this clarifies a bit, but please let us know if you have any questions!
Thanks for the information.
We can live with MailPoet not using SSL for the database connection (although that may change if our security audit makes certain recommendations).
Modifying that file is not onerous but we’d have to check it after every plugin upgrade.
It looks like the only lines needed would be:
PDO::MYSQL_ATTR_SSL_CA => ‘/etc/pki/tls/cert.pem’,
PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => false
I’ve added them in our test site, configured the mysql user to require ssl and mailpoet no longer reports any errors.
Thanks to all who provided assistance and happy new year!
Hi there @chaplina,
I’m glad to hear that you found a workaround 🙂
Happy New Year to you too!
