Add DatabaseTls option to allow MySQL TLS/SSL secure connections

config.yml.sample

@@ -62,6 +62,8 @@ database:
   # Secure connection mode. Only used with postgres.
   # (see https://pkg.go.dev/github.com/lib/pq?tab=doc#hdr-Connection_String_Parameters)
   sslmode: disable
+  # Enable SSL/TLS for mysql connections. Options: false, true, skip-verify, preferred
+  tls: false
 
 cache:
   # If cache is enabled or not

pkg/config/config.go

@@ -73,6 +73,7 @@ const (
 	DatabaseMaxIdleConnections    Key = `database.maxidleconnections`
 	DatabaseMaxConnectionLifetime Key = `database.maxconnectionlifetime`
 	DatabaseSslMode               Key = `database.sslmode`
+	DatabaseTls                   Key = `database.tls`
 
 	CacheEnabled        Key = `cache.enabled`
 	CacheType           Key = `cache.type`
@@ -258,6 +259,7 @@ func InitDefaultConfig() {
 	DatabaseMaxIdleConnections.setDefault(50)
 	DatabaseMaxConnectionLifetime.setDefault(10000)
 	DatabaseSslMode.setDefault("disable")
+	DatabaseTls.setDefault("false")
 
 	// Cacher
 	CacheEnabled.setDefault(false)

pkg/db/db.go

@@ -113,11 +113,12 @@ func initMysqlEngine() (engine *xorm.Engine, err error) {
 	// We're using utf8mb here instead of just utf8 because we want to use non-BMP characters.
 	// See https://stackoverflow.com/a/30074553/10924593 for more info.
 	connStr := fmt.Sprintf(
-		"%s:%s@tcp(%s)/%s?charset=utf8mb4&parseTime=true",
+		"%s:%s@tcp(%s)/%s?charset=utf8mb4&parseTime=true&tls=%s",
 		config.DatabaseUser.GetString(),
 		config.DatabasePassword.GetString(),
 		config.DatabaseHost.GetString(),
-		config.DatabaseDatabase.GetString())
+		config.DatabaseDatabase.GetString(),
+		config.DatabaseTls.GetString())
 	engine, err = xorm.NewEngine("mysql", connStr)
 	if err != nil {
 		return