diff --git a/src/main/java/fr/xephi/authme/datasource/MySQL.java b/src/main/java/fr/xephi/authme/datasource/MySQL.java index 0a3fcd4329..494a18d98f 100644 --- a/src/main/java/fr/xephi/authme/datasource/MySQL.java +++ b/src/main/java/fr/xephi/authme/datasource/MySQL.java @@ -41,6 +41,7 @@ public class MySQL extends AbstractSqlDataSource { private boolean useSsl; private boolean serverCertificateVerification; private boolean allowPublicKeyRetrieval; + private String sslMode; private String host; private String port; private String username; @@ -121,6 +122,7 @@ private void setParameters(Settings settings, MySqlExtensionsFactory extensionsF this.useSsl = settings.getProperty(DatabaseSettings.MYSQL_USE_SSL); this.serverCertificateVerification = settings.getProperty(DatabaseSettings.MYSQL_CHECK_SERVER_CERTIFICATE); this.allowPublicKeyRetrieval = settings.getProperty(DatabaseSettings.MYSQL_ALLOW_PUBLIC_KEY_RETRIEVAL); + this.sslMode = settings.getProperty(DatabaseSettings.SSL_MODE); } /** @@ -145,12 +147,18 @@ private void setConnectionArguments() { ds.setDriverClassName(this.getDriverClassName()); // Request mysql over SSL - ds.addDataSourceProperty("useSSL", String.valueOf(useSsl)); + if (this instanceof MariaDB) { + ds.addDataSourceProperty("sslMode", sslMode); + }else { + ds.addDataSourceProperty("useSSL", String.valueOf(useSsl)); + + // Disabling server certificate verification on need + if (!serverCertificateVerification) { + ds.addDataSourceProperty("verifyServerCertificate", String.valueOf(false)); + } + } // Disabling server certificate verification on need - if (!serverCertificateVerification) { - ds.addDataSourceProperty("verifyServerCertificate", String.valueOf(false)); - } // Disabling server certificate verification on need if (allowPublicKeyRetrieval) { ds.addDataSourceProperty("allowPublicKeyRetrieval", String.valueOf(true)); } diff --git a/src/main/java/fr/xephi/authme/settings/properties/DatabaseSettings.java b/src/main/java/fr/xephi/authme/settings/properties/DatabaseSettings.java index 0792d9d740..0ace5409fa 100644 --- a/src/main/java/fr/xephi/authme/settings/properties/DatabaseSettings.java +++ b/src/main/java/fr/xephi/authme/settings/properties/DatabaseSettings.java @@ -27,7 +27,17 @@ public final class DatabaseSettings implements SettingsHolder { public static final Property MYSQL_PORT = newProperty("DataSource.mySQLPort", "3306"); - @Comment("Connect to MySQL database over SSL") + @Comment({"Replacement of Mysql's useSsl (for MariaDB only).", + "- disable: No SSL", + "- trust: Trust blindly (no validation)", + "- verify_ca: Encryption, certificates validation, BUT no hostname verification", + "- verify_full: Encryption, certificate validation and hostname validation", + "Read more: https://bit.ly/mariadb-sslmode"}) + public static final Property SSL_MODE = + newProperty("DataSource.sslMode", "disabled"); + + @Comment({"Connect to MySQL database over SSL", + "If you're using MariaDB, use sslMode instead"}) public static final Property MYSQL_USE_SSL = newProperty("DataSource.mySQLUseSSL", true); @@ -38,7 +48,8 @@ public final class DatabaseSettings implements SettingsHolder { newProperty( "DataSource.mySQLCheckServerCertificate", true ); @Comment({"Authorize client to retrieve RSA server public key.", - "Advanced option, ignore if you don't know what it means."}) + "Advanced option, ignore if you don't know what it means.", + "If you're using MariaDB, use sslMode instead"}) public static final Property MYSQL_ALLOW_PUBLIC_KEY_RETRIEVAL = newProperty( "DataSource.mySQLAllowPublicKeyRetrieval", true );