Chapter 6.3: Note on TLS connection to MySQL

In the MySQL config section, the Note regarding TLS mentions:

To allow your app to connect you need to disable certificate verification. You must not use this for a production application. You should provide the certificate to trust for a production application.

Agree about bad form to do this in production, but how to do this was left as an exercise for the reader! It took a bit of searching to figure out how to do this disabling to connect the Vapor 4 example app to my local MySQL test DB. Found this tidbit on the Swift forums:

in configure.swift

app.databases.use(.mysql(
hostname: Environment.get("DATABASE_HOST") ?? "127.0.0.1",
port: Environment.get("DATABASE_PORT").flatMap(Int.init(_:)) ?? MySQLConfiguration.ianaPortNumber,
username: Environment.get("DATABASE_USERNAME") ?? "",
password: Environment.get("DATABASE_PASSWORD") ?? "",
database: Environment.get("DATABASE_NAME") ?? "",
tlsConfiguration: .forClient(certificateVerification: .none)
), as: .mysql)

Perhaps this could be elaborated on in the next round :grinning:

That’s in the newest release of the book here! https://www.raywenderlich.com/books/server-side-swift-with-vapor/v3.0/chapters/6-configuring-a-database#toc-chapter-009-anchor-003 in the MySQL section

This does makes it work, however there is now the following warning:

image

This was fixed by using their factory-like method to generate the config and then change certificateVerification:

	var tlsConfig = TLSConfiguration.makeClientConfiguration()
	tlsConfig.certificateVerification = .none

	app.databases.use(.mysql(
        hostname: Environment.get("DATABASE_HOST") ?? "127.0.0.1",
        port: Environment.get("DATABASE_PORT").flatMap(Int.init(_:)) ?? MySQLConfiguration.ianaPortNumber,
        username: Environment.get("DATABASE_USERNAME") ?? "vapor_username",
        password: Environment.get("DATABASE_PASSWORD") ?? "vapor_password",
        database: Environment.get("DATABASE_NAME") ?? "vapor_database",
		tlsConfiguration: tlsConfig
    ), as: .mysql)
1 Like