author | Russell Aunger <rba@live.com> | 2018-08-23 18:42:02 -0400 |
---|---|---|
committer | techknowlogick <techknowlogick@users.noreply.github.com> | 2018-08-23 18:42:02 -0400 |
commit | 127f4770566e09504a3efe4c4282cee049bad0e1 (patch) | |
tree | 5f9e350f074367722f9fa0d795b22752e607b7c8 | |
parent | 0dac1ff677939caba2dbfed6233be1f0bcb3749a (diff) | |
MySQL TLS (#4642)
-rw-r--r-- | custom/conf/app.ini.sample | 3 | ||||
-rw-r--r-- | docs/content/doc/advanced/config-cheat-sheet.en-us.md | 2 | ||||
-rw-r--r-- | models/models.go | 15 |
3 files changed, 12 insertions, 8 deletions
diff --git a/custom/conf/app.ini.sample b/custom/conf/app.ini.sample
index 6f973c63e1..d30f134db7 100644
--- a/custom/conf/app.ini.sample
+++ b/custom/conf/app.ini.sample
@@ -223,7 +223,8 @@ NAME = gitea
 USER = root
 ; Use PASSWD = `your password` for quoting if you use special characters in the password.
 PASSWD =
-; For "postgres" only, either "disable", "require" or "verify-full"
+; For Postgres, either "disable" (default), "require", or "verify-full"
+; For MySQL, either "false" (default), "true", or "skip-verify"
 SSL_MODE = disable
 ; For "sqlite3" and "tidb", use an absolute path when you start gitea as service
 PATH = data/gitea.db
diff --git a/docs/content/doc/advanced/config-cheat-sheet.en-us.md b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
index c554f07e3c..cd147f2a9d 100644
--- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
@@ -138,7 +138,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `NAME`: **gitea**: Database name.
 - `USER`: **root**: Database username.
 - `PASSWD`: **\<empty\>**: Database user password. Use \`your password\` for quoting if you use special characters in the password.
-- `SSL_MODE`: **disable**: For PostgreSQL only.
+- `SSL_MODE`: **disable**: For PostgreSQL and MySQL only.
 - `PATH`: **data/gitea.db**: For SQLite3 only, the database file path.
 - `LOG_SQL`: **true**: Log the executed SQL.
 
diff --git a/models/models.go b/models/models.go
index 878e27e996..0123eab12d 100644
--- a/models/models.go
+++ b/models/models.go
@@ -155,7 +155,7 @@ func LoadConfigs() {
 if len(DbCfg.Passwd) == 0 {
 DbCfg.Passwd = sec.Key("PASSWD").String()
 }
- DbCfg.SSLMode = sec.Key("SSL_MODE").String()
+ DbCfg.SSLMode = sec.Key("SSL_MODE").MustString("disable")
 DbCfg.Path = sec.Key("PATH").MustString("data/gitea.db")
 DbCfg.Timeout = sec.Key("SQLITE_TIMEOUT").MustInt(500)
 
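Review bot: The new MySQL comment in custom/conf/app.ini.sample lists the three accepted values but not what each one means for the connection, and the difference is what an operator needs in order to choose safely. With the go-sql-driver DSN that models.go builds, `true` negotiates TLS and verifies the server certificate, while `skip-verify` encrypts without authenticating the server and so does not protect against an on-path attacker. I would spell that out, for example `; For MySQL, either "false" (default, unencrypted), "true" (TLS, server certificate verified), or "skip-verify" (TLS, server certificate NOT verified)`. The `SSL_MODE` entry in config-cheat-sheet.en-us.md would benefit from the same value list.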
@@ -222,13 +222,16 @@ func getEngine() (*xorm.Engine, error) {
 }
 switch DbCfg.Type {
 case "mysql":
+ connType := "tcp"
 if DbCfg.Host[0] == '/' { // looks like a unix socket
- connStr = fmt.Sprintf("%s:%s@unix(%s)/%s%scharset=utf8&parseTime=true",
- DbCfg.User, DbCfg.Passwd, DbCfg.Host, DbCfg.Name, Param)
- } else {
- connStr = fmt.Sprintf("%s:%s@tcp(%s)/%s%scharset=utf8&parseTime=true",
- DbCfg.User, DbCfg.Passwd, DbCfg.Host, DbCfg.Name, Param)
+ connType = "unix"
 }
+ tls := DbCfg.SSLMode
+ if tls == "disable" { // allow (Postgres-inspired) default value to work in MySQL
+ tls = "false"
+ }
+ connStr = fmt.Sprintf("%s:%s@%s(%s)/%s%scharset=utf8&parseTime=true&tls=%s",
+ DbCfg.User, DbCfg.Passwd, connType, DbCfg.Host, DbCfg.Name, Param, tls)
 case "postgres":
 connStr = getPostgreSQLConnectionString(DbCfg.Host, DbCfg.User, DbCfg.Passwd, DbCfg.Name, Param, DbCfg.SSLMode)
 case "mssql": |
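Review bot: In the `mysql` case the `tls` value is taken from `SSL_MODE` and formatted into the DSN with only `disable` translated, so every other string reaches the driver unchecked and unescaped. That includes the Postgres values `require` and `verify-full`, which the same setting documents, and any value containing `&`, which would append further DSN parameters. How the driver treats an unrecognised `tls` value is not visible in this hunk, so I would not rely on it to fail closed. I would validate against the documented set before building `connStr` and return an error otherwise, so a misconfigured deployment stops at startup with a clear message instead of connecting with a TLS mode the operator did not intend. getEngine starts and ends outside this hunk.

```go
tls := DbCfg.SSLMode
switch tls {
case "disable": // allow (Postgres-inspired) default value to work in MySQL
	tls = "false"
case "false", "true", "skip-verify":
	// documented MySQL values, passed through unchanged
default:
	return nil, fmt.Errorf("unsupported SSL_MODE %q for mysql", tls)
}
// … unchanged: connStr = fmt.Sprintf(...) with connType and tls …
```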