You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
bagasme opened this issue
Mar 26, 2020
· 2 comments
Labels
issue/confirmedIssue has been reviewed and confirmed to be present or accepted to be implementedtype/enhancementAn improvement of existing functionality
Currently connecting Gitea to MySQL database over TLS only supports one-way TLS, (that is only database server can be verified by TLS). To enable two-way TLS (both client and server can be verified), passing client credentials (client certificate, its private key, and CA certificates) are required. This can be accomplished by defining custom tls.Config handler as per driver documentation.
Path to client credentials should be added to app.ini. The corresponding app.ini entry, SSL_MODE must be set to verify-client (tls.Config custom handler) to enable this option.
The text was updated successfully, but these errors were encountered:
This issue has been automatically marked as stale because it has not had recent activity. I am here to help clear issues left open even if solved or waiting for more insight. This issue will be closed if no further activity occurs during the next 2 weeks. If the issue is still valid just add a comment to keep it alive. Thank you for your contributions.
issue/confirmedIssue has been reviewed and confirmed to be present or accepted to be implementedtype/enhancementAn improvement of existing functionality
Description
Currently connecting Gitea to MySQL database over TLS only supports one-way TLS, (that is only database server can be verified by TLS). To enable two-way TLS (both client and server can be verified), passing client credentials (client certificate, its private key, and CA certificates) are required. This can be accomplished by defining custom
tls.Config
handler as per driver documentation.Path to client credentials should be added to
app.ini
. The correspondingapp.ini
entry,SSL_MODE
must be set toverify-client
(tls.Config
custom handler) to enable this option.The text was updated successfully, but these errors were encountered: