diff --git a/config/config.go b/config/config.go index ba81e2f1..ccb6d639 100644 --- a/config/config.go +++ b/config/config.go @@ -32,6 +32,7 @@ type Config struct { PhishConf PhishServer `json:"phish_server"` DBName string `json:"db_name"` DBPath string `json:"db_path"` + DBSSLCaPath string `json:"db_sslca_path"` MigrationsPath string `json:"migrations_prefix"` TestFlag bool `json:"test_flag"` ContactAddress string `json:"contact_address"` diff --git a/models/models.go b/models/models.go index 1ef38a47..e929af02 100644 --- a/models/models.go +++ b/models/models.go @@ -5,10 +5,13 @@ import ( "fmt" "io" "time" + "crypto/tls" + "crypto/x509" + "io/ioutil" "bitbucket.org/liamstask/goose/lib/goose" - _ "github.com/go-sql-driver/mysql" // Blank import needed to import mysql + mysql "github.com/go-sql-driver/mysql" "github.com/gophish/gophish/config" log "github.com/gophish/gophish/logger" "github.com/jinzhu/gorm" @@ -96,6 +99,30 @@ func Setup(c *config.Config) error { log.Error(err) return err } + + // Register certificates for tls encrypted db connections + if conf.DBSSLCaPath != "" { + switch conf.DBName { + case "mysql": + rootCertPool := x509.NewCertPool() + pem, err := ioutil.ReadFile(conf.DBSSLCaPath) + if err != nil { + log.Error(err) + return err + } + if ok := rootCertPool.AppendCertsFromPEM(pem); !ok { + log.Error("Failed to append PEM.") + return err + } + mysql.RegisterTLSConfig("ssl_ca", &tls.Config{ + RootCAs: rootCertPool, + }) + // Default database is sqlite3, which supports no tls, as connection + // is file based + default: + } + } + // Open our database connection i := 0 for {