From bcf8b733b131a228bdcd0da36c43b7a11722cf57 Mon Sep 17 00:00:00 2001
From: Thorsten <askannon@flexarc.com>
Date: Thu, 28 Jan 2016 14:59:06 +0100
Subject: [PATCH] enable basic TLS for mysql connection without server CA cert
 validation

---
 models/models.go | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/models/models.go b/models/models.go
index 2249fee41..2febde416 100644
--- a/models/models.go
+++ b/models/models.go
@@ -123,12 +123,16 @@ func getEngine() (*xorm.Engine, error) {
 	cnnstr := ""
 	switch DbCfg.Type {
 	case "mysql":
+		tls := ""
+		if DbCfg.SSLMode == "skip-verify" {
+			tls = "&tls=skip-verify";
+		}
 		if DbCfg.Host[0] == '/' { // looks like a unix socket
 			cnnstr = fmt.Sprintf("%s:%s@unix(%s)/%s?charset=utf8&parseTime=true",
 				DbCfg.User, DbCfg.Passwd, DbCfg.Host, DbCfg.Name)
 		} else {
-			cnnstr = fmt.Sprintf("%s:%s@tcp(%s)/%s?charset=utf8&parseTime=true",
-				DbCfg.User, DbCfg.Passwd, DbCfg.Host, DbCfg.Name)
+			cnnstr = fmt.Sprintf("%s:%s@tcp(%s)/%s?charset=utf8&parseTime=true%s",
+				DbCfg.User, DbCfg.Passwd, DbCfg.Host, DbCfg.Name, tls)
 		}
 	case "postgres":
 		var host, port = "127.0.0.1", "5432"