Support for Encrypt, TrustServerCertificate, and MultisubnetFailover connection options in installer form

Created on 24 May 2023, over 1 year ago

Updated 16 January 2024, 10 months ago

Problem/Motivation

Support for setting these connection options in settings.php was added in #3291464 ✨ Support for SQL Server specific DSN connection options Fixed , however at present they can only be used by manually editing settings.php.

This leads to a poor experience when using installing Drupal 10 through the web interface in situations where there is a need to control these setting, for example in testing / development environments when using a SQL Server instance with a self-signed certificate: the Microsoft ODBC Driver enables Encrypt by default since version 18, but doesn't enable TrustServerCertificate by default, which results in the installer being unable to connect to the database due to the certificate failing to verify, with no way to resolve from the installer interface - the only way to continue the installation in this scenario is to manually configure settings.php

Steps to reproduce

Create new Drupal project with the sqlsrv module and visit site in the browser to launch the installer
Provide database connection details for an SQL Server instance which uses a self signed certificate (e.g. using the official SQL Server Docker image

Expected: successful connection to the database and continuation to step 5 of the installer.
Actual: An error message saying Failed to connect to your database server. The server reports the following message: SQLSTATE[08001]: [Microsoft][ODBC Driver 18 for SQL Server]SSL Provider: [error:0A000086:SSL routines::certificate verify failed:self-signed certificate].

Proposed resolution

Add support for the Encrypt, TrustServerCertificate, and MultiSubnetFailover connection options in the 'Advanced options' dropdown of the database connection form. The MultiSubnetFailover is not related to hte encryption scenario outlined here, but is important when connecting to an SQL Server availability group (see SQL Server Native Client Support for High Availability, Disaster Recovery.

Remaining tasks

Add form elements for these settings in Drupal\sqlsrv\Driver\Database\sqlsrv\Install::getFormOptions()

User interface changes

Three new checkbox form elements in the install form 'Advanced options' fieldset, one for each connection option. The Encrypt option should be enabled by default with the other two options disabled by default.

✨ Feature request

Status

Fixed

Version

4.4

Component

Code

Created by

🇬🇧United Kingdom pstewart

Live updates comments and jobs are added and updated live.

Comments & Activities

Issue created by @pstewart
Comment over 1 year ago →
🇬🇧United Kingdom pstewart

Comment over 1 year ago →

System Message

pstewart → committed 4c2ba962 on 4.4.x

Issue #3362395 by pstewart: Support for Encrypt, TrustServerCertificate...

Status changed to Needs review over 1 year ago11:47am 24 May 2023
Comment over 1 year ago →
🇬🇧United Kingdom pstewart
Committing #2 to 4.4.x for inclusion in the next 4.4.x-dev release, but will keep the issue as Needs Review while we're testing and for any further changes we might want to make on this.
Status changed to Fixed 11 months ago3:09pm 2 January 2024
Comment 11 months ago →
🇬🇧United Kingdom pstewart
Comment 10 months ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024