Add an option to disable MySQL server certificate check - Fix #1735

2024-11-08 11:40:58 +01:00 · 2019-04-05 21:51:54 +02:00 · 2019-04-05 21:51:54 +02:00 · 44cb787577
commit 44cb787577
parent 08c1bb33c7
3 changed files with 14 additions and 1 deletions
--- a/src/main/java/fr/xephi/authme/datasource/MySQL.java
+++ b/src/main/java/fr/xephi/authme/datasource/MySQL.java
@ -34,6 +34,7 @@ import static fr.xephi.authme.datasource.SqlDataSourceUtils.logSqlException;
 public class MySQL extends AbstractSqlDataSource {

    private boolean useSsl;
+    private boolean serverCertificateVerification;
    private String host;
    private String port;
    private String username;
@ -103,6 +104,7 @@ public class MySQL extends AbstractSqlDataSource {
        this.poolSize = settings.getProperty(DatabaseSettings.MYSQL_POOL_SIZE);
        this.maxLifetime = settings.getProperty(DatabaseSettings.MYSQL_CONNECTION_MAX_LIFETIME);
        this.useSsl = settings.getProperty(DatabaseSettings.MYSQL_USE_SSL);
+        this.serverCertificateVerification = settings.getProperty(DatabaseSettings.MYSQL_CHECK_SERVER_CERTIFICATE);
    }

    /**
@ -126,6 +128,11 @@ public class MySQL extends AbstractSqlDataSource {
        // Request mysql over SSL
        ds.addDataSourceProperty("useSSL", String.valueOf(useSsl));

+        // Disabling server certificate verification on need
+        if (!serverCertificateVerification) {
+            ds.addDataSourceProperty("verifyServerCertificate", String.valueOf(false));
+        }
+
        // Encoding
        ds.addDataSourceProperty("characterEncoding", "utf8");
        ds.addDataSourceProperty("encoding", "UTF-8");
--- a/src/main/java/fr/xephi/authme/settings/properties/DatabaseSettings.java
+++ b/src/main/java/fr/xephi/authme/settings/properties/DatabaseSettings.java
@ -31,6 +31,12 @@ public final class DatabaseSettings implements SettingsHolder {
    public static final Property<Boolean> MYSQL_USE_SSL =
        newProperty("DataSource.mySQLUseSSL", true);

+    @Comment({"Verification of server's certificate.",
+        "We would not recommend to set this option to false.",
+        "Set this option to false at your own risk if and only if you know what you're doing"})
+    public static final Property<Boolean> MYSQL_CHECK_SERVER_CERTIFICATE =
+        newProperty( "DataSource.mySQLCheckServerCertificate", true );
+
    @Comment("Username to connect to the MySQL database")
    public static final Property<String> MYSQL_USERNAME =
        newProperty("DataSource.mySQLUsername", "authme");
--- a/src/test/java/fr/xephi/authme/settings/properties/AuthMeSettingsRetrieverTest.java
+++ b/src/test/java/fr/xephi/authme/settings/properties/AuthMeSettingsRetrieverTest.java
@ -22,7 +22,7 @@ public class AuthMeSettingsRetrieverTest {
        // an error margin of 10: this prevents us from having to adjust the test every time the config is changed.
        // If this test fails, replace the first argument in closeTo() with the new number of properties
        assertThat((double) configurationData.getProperties().size(),
-            closeTo(171, 10));
+            closeTo(182, 10));
    }

    @Test