From 4a139e8b294622ac7ea913d9d22026f1e8805370 Mon Sep 17 00:00:00 2001
From: Jonas Gunz
Date: Fri, 7 May 2021 23:30:25 +0200
Subject: [PATCH] Add DatabaseTls option to allow MySQL TLS/SSL secure connections
---
 config.yml.sample | 2 ++
 pkg/config/config.go | 2 ++
 pkg/db/db.go | 5 +++--
 3 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/config.yml.sample b/config.yml.sample
index 73c79131b4..36407d0491 100644
--- a/config.yml.sample
+++ b/config.yml.sample
@@ -62,6 +62,8 @@ database:
 # Secure connection mode. Only used with postgres.
 # (see https://pkg.go.dev/github.com/lib/pq?tab=doc#hdr-Connection_String_Parameters)
 sslmode: disable
+ # Enable SSL/TLS for mysql connections. Options: false, true, skip-verify, preferred
+ tls: false
 
 cache:
 # If cache is enabled or not
diff --git a/pkg/config/config.go b/pkg/config/config.go
index a9f7f44136..f89acecfd1 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -73,6 +73,7 @@ const (
 DatabaseMaxIdleConnections Key = `database.maxidleconnections`
 DatabaseMaxConnectionLifetime Key = `database.maxconnectionlifetime`
 DatabaseSslMode Key = `database.sslmode`
+ DatabaseTls Key = `database.tls`
 
 CacheEnabled Key = `cache.enabled`
 CacheType Key = `cache.type`
@@ -258,6 +259,7 @@ func InitDefaultConfig() {
 DatabaseMaxIdleConnections.setDefault(50)
 DatabaseMaxConnectionLifetime.setDefault(10000)
 DatabaseSslMode.setDefault("disable")
+ DatabaseTls.setDefault("false")
 
 // Cacher
 CacheEnabled.setDefault(false)
diff --git a/pkg/db/db.go b/pkg/db/db.go
index a309fdc5a0..02ac4a9512 100644
--- a/pkg/db/db.go
+++ b/pkg/db/db.go
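Review bot: The new comment above `tls: false` in config.yml.sample lists `skip-verify` and `preferred` without saying what each one gives up, so an operator can pick them believing the connection is fully protected. Assuming the driver is go-sql-driver/mysql, whose option names these match, `skip-verify` encrypts but does not validate the server certificate, and `preferred` uses TLS only when the server offers it and otherwise connects unencrypted. I would spell that out, for example `# Options: false (no TLS), true (TLS, server certificate verified), skip-verify (TLS, certificate NOT verified), preferred (TLS if offered, else plaintext)`, and recommend `true` for databases reached over an untrusted network.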
@@ -113,11 +113,12 @@ func initMysqlEngine() (engine *xorm.Engine, err error) {
 // We're using utf8mb here instead of just utf8 because we want to use non-BMP characters.
 // See https://stackoverflow.com/a/30074553/10924593 for more info.
 connStr := fmt.Sprintf(
- "%s:%s@tcp(%s)/%s?charset=utf8mb4&parseTime=true",
+ "%s:%s@tcp(%s)/%s?charset=utf8mb4&parseTime=true&tls=%s",
 config.DatabaseUser.GetString(),
 config.DatabasePassword.GetString(),
 config.DatabaseHost.GetString(),
- config.DatabaseDatabase.GetString())
+ config.DatabaseDatabase.GetString(),
+ config.DatabaseTls.GetString())
 engine, err = xorm.NewEngine("mysql", connStr)
 if err != nil {
 return
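Review bot: The `database.tls` value is written into the DSN by `fmt.Sprintf` without any check, at the `&tls=%s` line of initMysqlEngine. A misspelled value is only rejected when the driver parses the DSN, and a value containing `&` would append further DSN parameters that were never meant to be configurable through this key. I would validate the setting against the four documented values before building connStr and return an error that names the key. initMysqlEngine continues past the end of the hunk.

```go
tlsMode := config.DatabaseTls.GetString()
switch tlsMode {
case "false", "true", "skip-verify", "preferred":
default:
	return nil, fmt.Errorf("invalid database.tls value %q: want false, true, skip-verify or preferred", tlsMode)
}
connStr := fmt.Sprintf(
	"%s:%s@tcp(%s)/%s?charset=utf8mb4&parseTime=true&tls=%s",
	// … unchanged: user, password, host, database arguments …
	tlsMode)
```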