Replace unnused MySQL SSL mode

.env.example

@@ -67,13 +67,14 @@ DB_PASSWORD=secret_firefly_password
 
 # MySQL supports SSL. You can configure it here.
 # If you use Docker or similar, you can set these variables from a file by appending them with _FILE
-MYSQL_SSL_MODE=prefer
-MYSQL_SSL_ROOT_CERT_PATH=
-MYSQL_SSL_ROOT_CERT=
+MYSQL_USE_SSL=false
+MYSQL_SSL_VERIFY_SERVER_CERT=true
+# You need to set at least of these options
+MYSQL_SSL_CAPATH=/etc/ssl/certs/
+MYSQL_SSL_CA=
 MYSQL_SSL_CERT=
 MYSQL_SSL_KEY=
 MYSQL_SSL_CIPHER=
-MYSQL_SSL_VERIFY=
 
 # PostgreSQL supports SSL. You can configure it here.
 # If you use Docker or similar, you can set these variables from a file by appending them with _FILE

config/database.php

@@ -42,20 +42,22 @@ if (!(false === $databaseUrl)) {
 /*
  * Get SSL parameters from .env file.
  */
-$mysql_ssl_ca_dir =  envNonEmpty('MYSQL_SSL_ROOT_CERT_PATH', null);
-$mysql_ssl_ca_file = envNonEmpty('MYSQL_SSL_ROOT_CERT',      null);
-$mysql_ssl_cert =    envNonEmpty('MYSQL_SSL_CERT',           null);
-$mysql_ssl_key =     envNonEmpty('MYSQL_SSL_KEY',            null);
-$mysql_ssl_ciphers = envNonEmpty('MYSQL_SSL_CIPHER',         null);
-$mysql_ssl_verify  = envNonEmpty('MYSQL_SSL_VERIFY',         null);
+$mysql_ssl_ca_dir =  envNonEmpty('MYSQL_SSL_CAPATH',             null);
+$mysql_ssl_ca_file = envNonEmpty('MYSQL_SSL_CA',                 null);
+$mysql_ssl_cert =    envNonEmpty('MYSQL_SSL_CERT',               null);
+$mysql_ssl_key =     envNonEmpty('MYSQL_SSL_KEY',                null);
+$mysql_ssl_ciphers = envNonEmpty('MYSQL_SSL_CIPHER',             null);
+$mysql_ssl_verify  = envNonEmpty('MYSQL_SSL_VERIFY_SERVER_CERT', null);
 
 $mysql_ssl_options = [];
-if ($mysql_ssl_ca_dir  !== null) $mysql_ssl_options[PDO::MYSQL_ATTR_SSL_CAPATH            ] = $mysql_ssl_ca_dir;
-if ($mysql_ssl_ca_file !== null) $mysql_ssl_options[PDO::MYSQL_ATTR_SSL_CA                ] = $mysql_ssl_ca_file;
-if ($mysql_ssl_cert    !== null) $mysql_ssl_options[PDO::MYSQL_ATTR_SSL_CERT              ] = $mysql_ssl_cert;
-if ($mysql_ssl_key     !== null) $mysql_ssl_options[PDO::MYSQL_ATTR_SSL_KEY               ] = $mysql_ssl_key;
-if ($mysql_ssl_ciphers !== null) $mysql_ssl_options[PDO::MYSQL_ATTR_SSL_CIPHER            ] = $mysql_ssl_ciphers;
-if ($mysql_ssl_verify  !== null) $mysql_ssl_options[PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = $mysql_ssl_verify;
+if (!(false === envNonEmpty('MYSQL_USE_SSL', false))) {
+    if ($mysql_ssl_ca_dir  !== null) $mysql_ssl_options[PDO::MYSQL_ATTR_SSL_CAPATH            ] = $mysql_ssl_ca_dir;
+    if ($mysql_ssl_ca_file !== null) $mysql_ssl_options[PDO::MYSQL_ATTR_SSL_CA                ] = $mysql_ssl_ca_file;
+    if ($mysql_ssl_cert    !== null) $mysql_ssl_options[PDO::MYSQL_ATTR_SSL_CERT              ] = $mysql_ssl_cert;
+    if ($mysql_ssl_key     !== null) $mysql_ssl_options[PDO::MYSQL_ATTR_SSL_KEY               ] = $mysql_ssl_key;
+    if ($mysql_ssl_ciphers !== null) $mysql_ssl_options[PDO::MYSQL_ATTR_SSL_CIPHER            ] = $mysql_ssl_ciphers;
+    if ($mysql_ssl_verify  !== null) $mysql_ssl_options[PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT] = $mysql_ssl_verify;
+}
 
 return [
     'default'     => envNonEmpty('DB_CONNECTION', 'pgsql'),
@@ -78,7 +80,6 @@ return [
             'prefix'      => '',
             'strict'      => true,
             'engine'      => 'InnoDB',
-            'sslmode'     => envNonEmpty('MYSQL_SSL_MODE', 'prefer'),
             'options'     => $mysql_ssl_options,
         ],
         'pgsql'  => [