From b062d2c956aa9be6bfbaa4c1a22a0edeeef9651e Mon Sep 17 00:00:00 2001
From: Russell Aunger
Date: Tue, 7 Aug 2018 23:34:48 -0400
Subject: [PATCH 1/3] Wire MySQL TLS mode to SSL_MODE config option.

---
 models/models.go | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/models/models.go b/models/models.go
index 878e27e996306..cc9f972e48190 100644
--- a/models/models.go
+++ b/models/models.go
@@ -222,13 +222,16 @@ func getEngine() (*xorm.Engine, error) {
 }
 switch DbCfg.Type {
 case "mysql":
+ connType := "tcp"
 if DbCfg.Host[0] == '/' { // looks like a unix socket
- connStr = fmt.Sprintf("%s:%s@unix(%s)/%s%scharset=utf8&parseTime=true",
- DbCfg.User, DbCfg.Passwd, DbCfg.Host, DbCfg.Name, Param)
- } else {
- connStr = fmt.Sprintf("%s:%s@tcp(%s)/%s%scharset=utf8&parseTime=true",
- DbCfg.User, DbCfg.Passwd, DbCfg.Host, DbCfg.Name, Param)
+ connType = "unix"
 }
+ tls := DbCfg.SSLMode
+ if tls == "disable" { // allow (Postgres-inspired) default value to work in MySQL
+ tls = "false"
+ }
+ connStr = fmt.Sprintf("%s:%s@%s(%s)/%s%scharset=utf8&parseTime=true&tls=%s",
+ DbCfg.User, DbCfg.Passwd, connType, DbCfg.Host, DbCfg.Name, Param, tls)
 case "postgres":
 connStr = getPostgreSQLConnectionString(DbCfg.Host, DbCfg.User, DbCfg.Passwd, DbCfg.Name, Param, DbCfg.SSLMode)
 case "mssql":
From 367146702792f32e1d8c626659e3437baadaeead Mon Sep 17 00:00:00 2001
From: Russell Aunger
Date: Wed, 8 Aug 2018 03:20:01 -0400
Subject: [PATCH 2/3] Update docs for database SSL_MODE option and MySQL.

---
 custom/conf/app.ini.sample | 3 ++-
 docs/content/doc/advanced/config-cheat-sheet.en-us.md | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/custom/conf/app.ini.sample b/custom/conf/app.ini.sample
index 682a03b8bf730..190009002dfb1 100644
--- a/custom/conf/app.ini.sample
+++ b/custom/conf/app.ini.sample
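Review bot: In the `case "mysql":` branch of getEngine (models/models.go), only `"disable"` is translated; every other SSL_MODE string, including the Postgres values `"require"` and `"verify-full"`, is formatted into the DSN as `tls=%s` with no validation or escaping. What the MySQL driver does with an unrecognised value is not visible here, so the branch should check the value itself and return an error that names SSL_MODE instead of leaving the outcome of a transport-security setting to the driver. Of the documented values, `skip-verify` by its name encrypts without authenticating the server, so it should stay a distinct, explicit choice and never be a fallback. getEngine starts and ends outside the hunk; the fence shows only the replacement for the `tls` lines.

```go
tls := DbCfg.SSLMode
switch tls {
case "disable": // allow (Postgres-inspired) default value to work in MySQL
	tls = "false"
case "false", "true", "skip-verify":
	// documented MySQL values, passed through unchanged
default:
	return nil, fmt.Errorf("unsupported SSL_MODE %q for mysql", DbCfg.SSLMode)
}
// … unchanged: connStr = fmt.Sprintf(...) with tls as the last argument …
```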
@@ -219,7 +219,8 @@ NAME = gitea
 USER = root
 ; Use PASSWD = `your password` for quoting if you use special characters in the password.
 PASSWD =
-; For "postgres" only, either "disable", "require" or "verify-full"
+; For Postgres, either "disable" (default), "require", or "verify-full"
+; For MySQL, either "false" (default), "true", or "skip-verify"
 SSL_MODE = disable
 ; For "sqlite3" and "tidb", use an absolute path when you start gitea as service
 PATH = data/gitea.db
diff --git a/docs/content/doc/advanced/config-cheat-sheet.en-us.md b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
index 29489d885520b..de972eae18eed 100644
--- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
@@ -129,7 +129,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `NAME`: **gitea**: Database name.
 - `USER`: **root**: Database username.
 - `PASSWD`: **\**: Database user password. Use \`your password\` for quoting if you use special characters in the password.
-- `SSL_MODE`: **disable**: For PostgreSQL only.
+- `SSL_MODE`: **disable**: For PostgreSQL and MySQL only.
 - `PATH`: **data/gitea.db**: For SQLite3 only, the database file path.
 - `LOG_SQL`: **true**: Log the executed SQL.
From b06a324d21bbc4b4db82c09471716068b684305d Mon Sep 17 00:00:00 2001
From: Russell Aunger
Date: Tue, 14 Aug 2018 15:12:03 -0400
Subject: [PATCH 3/3] Give SSL_MODE a default value to match the docs.

Both config-cheat-sheet.en-us.md and app.ini.sample say SSL_MODE has a default value of "disable". This commit makes it so.
---
 models/models.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/models/models.go b/models/models.go
index cc9f972e48190..0123eab12db97 100644
--- a/models/models.go
+++ b/models/models.go
@@ -155,7 +155,7 @@ func LoadConfigs() {
 if len(DbCfg.Passwd) == 0 {
 DbCfg.Passwd = sec.Key("PASSWD").String()
 }
- DbCfg.SSLMode = sec.Key("SSL_MODE").String()
+ DbCfg.SSLMode = sec.Key("SSL_MODE").MustString("disable")
 DbCfg.Path = sec.Key("PATH").MustString("data/gitea.db")
 DbCfg.Timeout = sec.Key("SQLITE_TIMEOUT").MustInt(500)
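Review bot: The new default on `DbCfg.SSLMode` in LoadConfigs carries no comment saying that `"disable"` is the Postgres spelling or that it means an unencrypted database connection. The first patch in this series maps that value to `tls=false` for MySQL, so this one default now decides transport security for both back ends. A comment above the line such as `// "disable" = no TLS to the database; getEngine maps it to tls=false for MySQL` would make that visible to the next reader. LoadConfigs starts and ends outside the hunk.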