From 86b7d224aba34d3a731e098f02db1568074c953c Mon Sep 17 00:00:00 2001
From: kompetenzbolzen
Date: Sat, 8 May 2021 14:54:55 +0000
Subject: [PATCH] Expose tls parameter of Go MySQL driver to config file (#855)

Co-authored-by: Jonas Gunz
Reviewed-on: https://kolaente.dev/vikunja/api/pulls/855
Reviewed-by: konrad
Co-authored-by: kompetenzbolzen
Co-committed-by: kompetenzbolzen
---
 config.yml.sample | 2 ++
 docs/content/doc/setup/config.md | 6 ++++++
 pkg/config/config.go | 2 ++
 pkg/db/db.go | 5 +++--
 4 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/config.yml.sample b/config.yml.sample
index 73c79131b4e..36407d04919 100644
--- a/config.yml.sample
+++ b/config.yml.sample
@@ -62,6 +62,8 @@ database:
 # Secure connection mode. Only used with postgres.
 # (see https://pkg.go.dev/github.com/lib/pq?tab=doc#hdr-Connection_String_Parameters)
 sslmode: disable
+ # Enable SSL/TLS for mysql connections. Options: false, true, skip-verify, preferred
+ tls: false

 cache:
 # If cache is enabled or not
diff --git a/docs/content/doc/setup/config.md b/docs/content/doc/setup/config.md
index 78eb22f55e6..c9e3db33d65 100644
--- a/docs/content/doc/setup/config.md
+++ b/docs/content/doc/setup/config.md
@@ -237,6 +237,12 @@ Secure connection mode. Only used with postgres.

 Default: `disable`

+### tls
+
+Enable SSL/TLS for mysql connections. Options: false, true, skip-verify, preferred
+
+Default: `false`
+
 ---

 ## cache
diff --git a/pkg/config/config.go b/pkg/config/config.go
index a9f7f441365..c10cc04c4c2 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -73,6 +73,7 @@ const (
 DatabaseMaxIdleConnections Key = `database.maxidleconnections`
 DatabaseMaxConnectionLifetime Key = `database.maxconnectionlifetime`
 DatabaseSslMode Key = `database.sslmode`
+ DatabaseTLS Key = `database.tls`

 CacheEnabled Key = `cache.enabled`
 CacheType Key = `cache.type`
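Review bot: The new `tls` comment in config.yml.sample (and the matching paragraph in docs/content/doc/setup/config.md) lists `skip-verify` and `preferred` without saying that neither of them authenticates the database server. In the Go MySQL driver, `skip-verify` encrypts the connection but does not verify the server certificate, and `preferred` additionally falls back to an unencrypted connection when the server does not advertise TLS, so an operator who picks either still has no protection against an on-path attacker. I would spell the meaning out in the comment, e.g. `# Enable SSL/TLS for mysql connections. Options: false (unencrypted), true (TLS, server certificate verified), skip-verify (TLS, certificate not verified), preferred (TLS if the server offers it, otherwise unencrypted; certificate not verified)`, and mirror that wording in the docs section.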
@@ -258,6 +259,7 @@ func InitDefaultConfig() {
 DatabaseMaxIdleConnections.setDefault(50)
 DatabaseMaxConnectionLifetime.setDefault(10000)
 DatabaseSslMode.setDefault("disable")
+ DatabaseTLS.setDefault("false")

 // Cacher
 CacheEnabled.setDefault(false)
diff --git a/pkg/db/db.go b/pkg/db/db.go
index a309fdc5a02..728cd7cf7cb 100644
--- a/pkg/db/db.go
+++ b/pkg/db/db.go
@@ -113,11 +113,12 @@ func initMysqlEngine() (engine *xorm.Engine, err error) {
 // We're using utf8mb here instead of just utf8 because we want to use non-BMP characters.
 // See https://stackoverflow.com/a/30074553/10924593 for more info.
 connStr := fmt.Sprintf(
- "%s:%s@tcp(%s)/%s?charset=utf8mb4&parseTime=true",
+ "%s:%s@tcp(%s)/%s?charset=utf8mb4&parseTime=true&tls=%s",
 config.DatabaseUser.GetString(),
 config.DatabasePassword.GetString(),
 config.DatabaseHost.GetString(),
- config.DatabaseDatabase.GetString())
+ config.DatabaseDatabase.GetString(),
+ config.DatabaseTLS.GetString())
 engine, err = xorm.NewEngine("mysql", connStr)
 if err != nil {
 return
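Review bot: In the pkg/db/db.go hunk, `config.DatabaseTLS.GetString()` is formatted into the DSN query string without validation or escaping, so a mistyped value presumably only surfaces as a driver error at connect time, and a value containing `&` would append further DSN parameters. I would check the value against the four documented options (`false`, `true`, `skip-verify`, `preferred`) before building `connStr` and return an error that names `database.tls` otherwise. At minimum, pass it as `url.QueryEscape(config.DatabaseTLS.GetString())`, which needs `net/url` imported. The body of `initMysqlEngine` starts before and continues past the hunk, so how the returned error is reported is not visible here.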