authorRussell Aunger <rba@live.com>2018-08-23 18:42:02 -0400
committertechknowlogick <techknowlogick@users.noreply.github.com>2018-08-23 18:42:02 -0400
commit127f4770566e09504a3efe4c4282cee049bad0e1 (patch)
tree5f9e350f074367722f9fa0d795b22752e607b7c8
parent0dac1ff677939caba2dbfed6233be1f0bcb3749a (diff)
MySQL TLS (#4642)
-rw-r--r--custom/conf/app.ini.sample3
-rw-r--r--docs/content/doc/advanced/config-cheat-sheet.en-us.md2
-rw-r--r--models/models.go15
3 files changed, 12 insertions, 8 deletions
diff --git a/custom/conf/app.ini.sample b/custom/conf/app.ini.sample
index 6f973c63e1..d30f134db7 100644
--- a/custom/conf/app.ini.sample
+++ b/custom/conf/app.ini.sample
@@ -223,7 +223,8 @@ NAME = gitea
USER = root
; Use PASSWD = `your password` for quoting if you use special characters in the password.
PASSWD =
-; For "postgres" only, either "disable", "require" or "verify-full"
+; For Postgres, either "disable" (default), "require", or "verify-full"
+; For MySQL, either "false" (default), "true", or "skip-verify"
SSL_MODE = disable
; For "sqlite3" and "tidb", use an absolute path when you start gitea as service
PATH = data/gitea.db
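Review bot: The new MySQL comment lists "skip-verify" next to "true" without saying that it turns off server certificate validation, so an operator could pick it believing the connection is authenticated. A line such as `; "skip-verify" encrypts the connection but does not validate the server certificate; prefer "true" where the certificate can be verified` would make the trade-off visible. Since the shipped value stays `SSL_MODE = disable`, the comment could also state that the default leaves database traffic unencrypted.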
diff --git a/docs/content/doc/advanced/config-cheat-sheet.en-us.md b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
index c554f07e3c..cd147f2a9d 100644
--- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
@@ -138,7 +138,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
- `NAME`: **gitea**: Database name.
- `USER`: **root**: Database username.
- `PASSWD`: **\<empty\>**: Database user password. Use \`your password\` for quoting if you use special characters in the password.
-- `SSL_MODE`: **disable**: For PostgreSQL only.
+- `SSL_MODE`: **disable**: For PostgreSQL and MySQL only.
- `PATH`: **data/gitea.db**: For SQLite3 only, the database file path.
- `LOG_SQL`: **true**: Log the executed SQL.
diff --git a/models/models.go b/models/models.go
index 878e27e996..0123eab12d 100644
--- a/models/models.go
+++ b/models/models.go
@@ -155,7 +155,7 @@ func LoadConfigs() {
if len(DbCfg.Passwd) == 0 {
DbCfg.Passwd = sec.Key("PASSWD").String()
}
- DbCfg.SSLMode = sec.Key("SSL_MODE").String()
+ DbCfg.SSLMode = sec.Key("SSL_MODE").MustString("disable")
DbCfg.Path = sec.Key("PATH").MustString("data/gitea.db")
DbCfg.Timeout = sec.Key("SQLITE_TIMEOUT").MustInt(500)
@@ -222,13 +222,16 @@ func getEngine() (*xorm.Engine, error) {
}
switch DbCfg.Type {
case "mysql":
+ connType := "tcp"
if DbCfg.Host[0] == '/' { // looks like a unix socket
- connStr = fmt.Sprintf("%s:%s@unix(%s)/%s%scharset=utf8&parseTime=true",
- DbCfg.User, DbCfg.Passwd, DbCfg.Host, DbCfg.Name, Param)
- } else {
- connStr = fmt.Sprintf("%s:%s@tcp(%s)/%s%scharset=utf8&parseTime=true",
- DbCfg.User, DbCfg.Passwd, DbCfg.Host, DbCfg.Name, Param)
+ connType = "unix"
}
+ tls := DbCfg.SSLMode
+ if tls == "disable" { // allow (Postgres-inspired) default value to work in MySQL
+ tls = "false"
+ }
+ connStr = fmt.Sprintf("%s:%s@%s(%s)/%s%scharset=utf8&parseTime=true&tls=%s",
+ DbCfg.User, DbCfg.Passwd, connType, DbCfg.Host, DbCfg.Name, Param, tls)
case "postgres":
connStr = getPostgreSQLConnectionString(DbCfg.Host, DbCfg.User, DbCfg.Passwd, DbCfg.Name, Param, DbCfg.SSLMode)
case "mssql":
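Review bot: `DbCfg.SSLMode` reaches the DSN verbatim through the new `&tls=%s`, and only "disable" is translated. A Postgres value left in app.ini ("require", "verify-full") or a typo is therefore handed to the driver as-is, and a value containing `&` would append further DSN parameters. Checking the setting against the three values the sample config documents, and returning an error from getEngine otherwise, gives a clear startup failure instead of relying on how the driver treats an unknown string. The same `tls` value is also appended when `connType` is "unix"; whether that combination is intended should be confirmed. getEngine starts and ends outside this hunk.

```go
tls := DbCfg.SSLMode
switch tls {
case "disable": // allow (Postgres-inspired) default value to work in MySQL
	tls = "false"
case "false", "true", "skip-verify":
	// documented MySQL values, passed through unchanged
default:
	return nil, fmt.Errorf("unsupported SSL_MODE %q for mysql", DbCfg.SSLMode)
}
// … unchanged: connStr = fmt.Sprintf(...) building the DSN …
```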