From 127f4770566e09504a3efe4c4282cee049bad0e1 Mon Sep 17 00:00:00 2001 From: Russell Aunger Date: Thu, 23 Aug 2018 18:42:02 -0400 Subject: [PATCH] MySQL TLS (#4642) --- custom/conf/app.ini.sample | 3 ++- .../doc/advanced/config-cheat-sheet.en-us.md | 2 +- models/models.go | 15 +++++++++------ 3 files changed, 12 insertions(+), 8 deletions(-) diff --git a/custom/conf/app.ini.sample b/custom/conf/app.ini.sample index 6f973c63e1d9..d30f134db7ae 100644 --- a/custom/conf/app.ini.sample +++ b/custom/conf/app.ini.sample @@ -223,7 +223,8 @@ NAME = gitea USER = root ; Use PASSWD = `your password` for quoting if you use special characters in the password. PASSWD = -; For "postgres" only, either "disable", "require" or "verify-full" +; For Postgres, either "disable" (default), "require", or "verify-full" +; For MySQL, either "false" (default), "true", or "skip-verify" SSL_MODE = disable ; For "sqlite3" and "tidb", use an absolute path when you start gitea as service PATH = data/gitea.db diff --git a/docs/content/doc/advanced/config-cheat-sheet.en-us.md b/docs/content/doc/advanced/config-cheat-sheet.en-us.md index c554f07e3c75..cd147f2a9d50 100644 --- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md +++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md @@ -138,7 +138,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`. - `NAME`: **gitea**: Database name. - `USER`: **root**: Database username. - `PASSWD`: **\**: Database user password. Use \`your password\` for quoting if you use special characters in the password. -- `SSL_MODE`: **disable**: For PostgreSQL only. +- `SSL_MODE`: **disable**: For PostgreSQL and MySQL only. - `PATH`: **data/gitea.db**: For SQLite3 only, the database file path. - `LOG_SQL`: **true**: Log the executed SQL. diff --git a/models/models.go b/models/models.go index 878e27e99630..0123eab12db9 100644 --- a/models/models.go +++ b/models/models.go @@ -155,7 +155,7 @@ func LoadConfigs() { if len(DbCfg.Passwd) == 0 { DbCfg.Passwd = sec.Key("PASSWD").String() } - DbCfg.SSLMode = sec.Key("SSL_MODE").String() + DbCfg.SSLMode = sec.Key("SSL_MODE").MustString("disable") DbCfg.Path = sec.Key("PATH").MustString("data/gitea.db") DbCfg.Timeout = sec.Key("SQLITE_TIMEOUT").MustInt(500) @@ -222,13 +222,16 @@ func getEngine() (*xorm.Engine, error) { } switch DbCfg.Type { case "mysql": + connType := "tcp" if DbCfg.Host[0] == '/' { // looks like a unix socket - connStr = fmt.Sprintf("%s:%s@unix(%s)/%s%scharset=utf8&parseTime=true", - DbCfg.User, DbCfg.Passwd, DbCfg.Host, DbCfg.Name, Param) - } else { - connStr = fmt.Sprintf("%s:%s@tcp(%s)/%s%scharset=utf8&parseTime=true", - DbCfg.User, DbCfg.Passwd, DbCfg.Host, DbCfg.Name, Param) + connType = "unix" } + tls := DbCfg.SSLMode + if tls == "disable" { // allow (Postgres-inspired) default value to work in MySQL + tls = "false" + } + connStr = fmt.Sprintf("%s:%s@%s(%s)/%s%scharset=utf8&parseTime=true&tls=%s", + DbCfg.User, DbCfg.Passwd, connType, DbCfg.Host, DbCfg.Name, Param, tls) case "postgres": connStr = getPostgreSQLConnectionString(DbCfg.Host, DbCfg.User, DbCfg.Passwd, DbCfg.Name, Param, DbCfg.SSLMode) case "mssql":