THIS IS A TEST INSTANCE ONLY! REPOSITORIES CAN BE DELETED AT ANY TIME!

Browse Source

MySQL TLS (#4642)

pull/3772/merge
Russell Aunger 9 months ago
parent
commit
127f477056

+ 2
- 1
custom/conf/app.ini.sample View File

@@ -223,7 +223,8 @@ NAME = gitea
223 223
 USER = root
224 224
 ; Use PASSWD = `your password` for quoting if you use special characters in the password.
225 225
 PASSWD =
226
-; For "postgres" only, either "disable", "require" or "verify-full"
226
+; For Postgres, either "disable" (default), "require", or "verify-full"
227
+; For MySQL, either "false" (default), "true", or "skip-verify"
227 228
 SSL_MODE = disable
228 229
 ; For "sqlite3" and "tidb", use an absolute path when you start gitea as service
229 230
 PATH = data/gitea.db

+ 1
- 1
docs/content/doc/advanced/config-cheat-sheet.en-us.md View File

@@ -138,7 +138,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
138 138
 - `NAME`: **gitea**: Database name.
139 139
 - `USER`: **root**: Database username.
140 140
 - `PASSWD`: **\<empty\>**: Database user password. Use \`your password\` for quoting if you use special characters in the password.
141
-- `SSL_MODE`: **disable**: For PostgreSQL only.
141
+- `SSL_MODE`: **disable**: For PostgreSQL and MySQL only.
142 142
 - `PATH`: **data/gitea.db**: For SQLite3 only, the database file path.
143 143
 - `LOG_SQL`: **true**: Log the executed SQL.
144 144
 

+ 9
- 6
models/models.go View File

@@ -155,7 +155,7 @@ func LoadConfigs() {
155 155
 	if len(DbCfg.Passwd) == 0 {
156 156
 		DbCfg.Passwd = sec.Key("PASSWD").String()
157 157
 	}
158
-	DbCfg.SSLMode = sec.Key("SSL_MODE").String()
158
+	DbCfg.SSLMode = sec.Key("SSL_MODE").MustString("disable")
159 159
 	DbCfg.Path = sec.Key("PATH").MustString("data/gitea.db")
160 160
 	DbCfg.Timeout = sec.Key("SQLITE_TIMEOUT").MustInt(500)
161 161
 
@@ -222,13 +222,16 @@ func getEngine() (*xorm.Engine, error) {
222 222
 	}
223 223
 	switch DbCfg.Type {
224 224
 	case "mysql":
225
+		connType := "tcp"
225 226
 		if DbCfg.Host[0] == '/' { // looks like a unix socket
226
-			connStr = fmt.Sprintf("%s:%s@unix(%s)/%s%scharset=utf8&parseTime=true",
227
-				DbCfg.User, DbCfg.Passwd, DbCfg.Host, DbCfg.Name, Param)
228
-		} else {
229
-			connStr = fmt.Sprintf("%s:%s@tcp(%s)/%s%scharset=utf8&parseTime=true",
230
-				DbCfg.User, DbCfg.Passwd, DbCfg.Host, DbCfg.Name, Param)
227
+			connType = "unix"
231 228
 		}
229
+		tls := DbCfg.SSLMode
230
+		if tls == "disable" { // allow (Postgres-inspired) default value to work in MySQL
231
+			tls = "false"
232
+		}
233
+		connStr = fmt.Sprintf("%s:%s@%s(%s)/%s%scharset=utf8&parseTime=true&tls=%s",
234
+			DbCfg.User, DbCfg.Passwd, connType, DbCfg.Host, DbCfg.Name, Param, tls)
232 235
 	case "postgres":
233 236
 		connStr = getPostgreSQLConnectionString(DbCfg.Host, DbCfg.User, DbCfg.Passwd, DbCfg.Name, Param, DbCfg.SSLMode)
234 237
 	case "mssql":

Loading…
Cancel
Save