feat: support more MySQL SSL connection options

ttionya · Feb 20, 2025 · 47c4ed8 · 47c4ed8
1 parent 5d405b4
commit 47c4ed8
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 0 deletions.
diff --git a/docs/using-the-mysql-or-mariadb-backend.md b/docs/using-the-mysql-or-mariadb-backend.md
@@ -40,6 +40,20 @@ Default: `vaultwarden`
 
 MySQL(MariaDB) password, **required**.
 
+#### MYSQL_SSL
+
+Enable SSL for connection.
+
+No default value is set; it uses the default provided by `mariadb-dump`, and starting from version `10.11`, the default is `TRUE`.
+
+#### MYSQL_SSL_VERIFY_SERVER_CERT
+
+Verify server's certificate.
+
+No default value is set; it uses the default provided by `mariadb-dump`, and starting from version `11.4`, the default is `TRUE`.
+
+If you encounter any TLS-related connection errors, you can try disabling it by setting values such as `0` or `FALSE`.
+
 #### MYSQL_SSL_CA
 
 The path to the CA certificate for TLS connection (optional).

diff --git a/scripts/backup.sh b/scripts/backup.sh
@@ -53,6 +53,12 @@ function backup_db_mysql() {
     color blue "backup vaultwarden mysql database"
 
     local EXTRA_OPTIONS=()
+    if [[ -n "${MYSQL_SSL}" ]]; then
+        EXTRA_OPTIONS+=("--ssl=\"${MYSQL_SSL}\"")
+    fi
+    if [[ -n "${MYSQL_SSL_VERIFY_SERVER_CERT}" ]]; then
+        EXTRA_OPTIONS+=("--ssl-verify-server-cert=\"${MYSQL_SSL_VERIFY_SERVER_CERT}\"")
+    fi
     if [[ -n "${MYSQL_SSL_CA}" ]]; then
         EXTRA_OPTIONS+=("--ssl-ca=\"${MYSQL_SSL_CA}\"")
     fi

diff --git a/scripts/includes.sh b/scripts/includes.sh
@@ -493,6 +493,12 @@ function init_env_db() {
         # MYSQL_PASSWORD
         get_env MYSQL_PASSWORD
 
+        # MYSQL_SSL
+        get_env MYSQL_SSL
+
+        # MYSQL_SSL_VERIFY_SERVER_CERT
+        get_env MYSQL_SSL_VERIFY_SERVER_CERT
+
         # MYSQL_SSL_CA
         get_env MYSQL_SSL_CA
 

diff --git a/scripts/restore.sh b/scripts/restore.sh
@@ -91,6 +91,12 @@ function restore_db_mysql() {
     color blue "restore vaultwarden mysql database"
 
     local EXTRA_OPTIONS=()
+    if [[ -n "${MYSQL_SSL}" ]]; then
+        EXTRA_OPTIONS+=("--ssl=\"${MYSQL_SSL}\"")
+    fi
+    if [[ -n "${MYSQL_SSL_VERIFY_SERVER_CERT}" ]]; then
+        EXTRA_OPTIONS+=("--ssl-verify-server-cert=\"${MYSQL_SSL_VERIFY_SERVER_CERT}\"")
+    fi
     if [[ -n "${MYSQL_SSL_CA}" ]]; then
         EXTRA_OPTIONS+=("--ssl-ca=\"${MYSQL_SSL_CA}\"")
     fi