
Add support for encrypted connections to mysql (#1460)

pull/1507/head
Christian Schwartz 2 years ago
committed by Jordan Wright
commit
26d99b5a65
2 changed files with 29 additions and 1 deletions
  1. +1
    -0
      config/config.go
  2. +28
    -1
      models/models.go

+ 1
- 0
config/config.go View File

@ -32,6 +32,7 @@ type Config struct {
PhishConf PhishServer `json:"phish_server"`
DBName string `json:"db_name"`
DBPath string `json:"db_path"`
DBSSLCaPath string `json:"db_sslca_path"`
MigrationsPath string `json:"migrations_prefix"`
TestFlag bool `json:"test_flag"`
ContactAddress string `json:"contact_address"`

+ 28
- 1
models/models.go View File

@ -5,10 +5,13 @@ import (
"fmt"
"io"
"time"
"crypto/tls"
"crypto/x509"
"io/ioutil"
"bitbucket.org/liamstask/goose/lib/goose"
_ "github.com/go-sql-driver/mysql" // Blank import needed to import mysql
mysql "github.com/go-sql-driver/mysql"
"github.com/gophish/gophish/config"
log "github.com/gophish/gophish/logger"
"github.com/jinzhu/gorm"
@ -96,6 +99,30 @@ func Setup(c *config.Config) error {
log.Error(err)
return err
}
// Register certificates for tls encrypted db connections
if conf.DBSSLCaPath != "" {
switch conf.DBName {
case "mysql":
rootCertPool := x509.NewCertPool()
pem, err := ioutil.ReadFile(conf.DBSSLCaPath)
if err != nil {
log.Error(err)
return err
}
if ok := rootCertPool.AppendCertsFromPEM(pem); !ok {
log.Error("Failed to append PEM.")
return err
}
mysql.RegisterTLSConfig("ssl_ca", &tls.Config{
RootCAs: rootCertPool,
})
// Default database is sqlite3, which supports no tls, as connection
// is file based
default:
}
}
// Open our database connection
i := 0
for {
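Review bot: In the `mysql` case, the `return err` after a failed `AppendCertsFromPEM` returns nil, because `err` at that point is the already-checked result of `ioutil.ReadFile`; Setup then reports success to its caller with no TLS config registered and before the connection loop below is reached. Return a real error there instead, e.g. `return fmt.Errorf("no CA certificates parsed from %s", conf.DBSSLCaPath)`. The error returned by `mysql.RegisterTLSConfig` is also dropped and should be checked and returned in the same way. Registering the `ssl_ca` config does not by itself encrypt the connection: the driver only applies it when the DSN carries `tls=ssl_ca`, and the DSN is built outside this hunk (presumably from `db_path`), so it is worth failing or logging a warning when `db_sslca_path` is set but the DSN does not reference it. Setup starts and ends outside the hunk.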
