Add TLS for mysql

Use ssl_mode for mysql and add docs add docs for the new parameters in config Tolerate ssl_mode without client authentication Client cert is not necessary for a SSL connection. So we tolerate failure if client cert is not provided. Improve error message if missing server_cert_name and mode is not skip-verify.
2025-02-25 18:55:37 -06:00 · 2015-11-24 16:17:21 +00:00
parent 3dc3d363fd
commit ea566fff24
4 changed files with 93 additions and 2 deletions
--- a/docs/sources/installation/configuration.md
+++ b/docs/sources/installation/configuration.md
@@ -156,7 +156,24 @@ The database user's password (not applicable for `sqlite3`).

 ### ssl_mode

-For `postgres` only, either `disable`, `require` or `verify-full`.
+For Postgres, use either `disable`, `require` or `verify-full`.
+For MySQL, use either `true`, `false`, or `skip-verify`.
+
+### ca_cert_path 
+
+(MySQL only) The path to the CA certificate to use. On many linux systems, certs can be found in `/etc/ssl/certs`.
+
+### client_key_path 
+
+(MySQL only) The path to the client key. Only if server requires client authentication.
+
+### client_cert_path 
+
+(MySQL only) The path to the client cert. Only if server requires client authentication.
+
+### server_cert_name 
+
+(MySQL only) The common name field of the certificate used by the `mysql` server. Not necessary if `ssl_mode` is set to `skip-verify`.

 <hr />