[PR #319] [MERGED] Add MySQL TLS/SSL support #318

New issue

Closed

opened 2026-03-03 11:57:14 +03:00 by kerem · 0 comments

kerem commented 2026-03-03 11:57:14 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/Finb/bark-server/pull/319
Author: @xinlon-z
Created: 11/16/2025
Status: ✅ Merged
Merged: 11/17/2025
Merged by: @Finb

Base: master ← Head: master

---

📝 Commits (1)

• 4b237f8 Add MySQL TLS/SSL support

📊 Changes

2 files changed (+98 additions, -1 deletions)

View changed files

📝 database/mysql.go (+52 -0)
📝 main.go (+46 -1)

📄 Description

Hi maintainer,
This PR adds optional TLS/SSL support for MySQL connections in Bark Server. It allows the server to connect to MySQL securely using a CA certificate, and optionally a client certificate + key. MySQL TLS/SSL is disabled by default, so existing setups continue to work without any changes.
And I have added the following CLI flags to support this feature:

Flag	Type	Default	Description
--mysql-tls	bool	false	Enables TLS when connecting to the MySQL server.
--mysql-skip-verify	bool	false	Skips verification of the server’s certificate chain (use with caution).
--mysql-cert	path	""	Path to the client certificate (client-cert.pem).
--mysql-key	path	""	Path to the client private key (client-key.pem).
--mysql-ca	path	""	Path to the CA certificate used to verify the MySQL server.

Example usage:

./bark-server \
--dsn "user:pass@tcp(host:port)/dbname" \
--mysql-tls \
--mysql-ca /path/to/ca.pem \
--mysql-client-cert /path/to/client-cert.pem \
--mysql-client-key /path/to/client-key.pem \
--mysql-tls-skip-verify

I have fully validated it with MySQL 8.4.7 locally:
xinlon@ubuntu-pc:~/work/bark-server$ ./bark-server --dsn "bark:test_passwd@tcp(192.168.11.22:3306)/Bark_Server" --mysql-ca /home/xinlon/ca.pem --mysql-client-cert /home/xinlon/client-cert.pem --mysql-client-key /home/xinlon/client-key.pem --mysql-tls --mysql-tls-skip-verify
2025-11-16 12:12:06 INFO create apns client: 0
2025-11-16 12:12:06 INFO init apns client success...
2025-11-16 12:12:06 INFO Bark Server Has No Basic Auth.
2025-11-16 12:12:06 INFO load route [register_compat] success...
2025-11-16 12:12:06 INFO load route [misc] success...
2025-11-16 12:12:06 INFO load route [push] success...
2025-11-16 12:12:06 INFO load route [register] success...
2025-11-16 12:12:06 INFO load route [push_compat] success...
2025-11-16 12:12:06 INFO MySQL TLS CA: /home/xinlon/ca.pem
2025-11-16 12:12:06 INFO MySQL TLS client cert: /home/xinlon/client-cert.pem
2025-11-16 12:12:06 INFO MySQL TLS client key: /home/xinlon/client-key.pem
2025-11-16 12:12:06 INFO Server certificate verification skipped: true
2025-11-16 12:12:06 INFO Bark Server Listen at: 0.0.0.0:8080 , Database: *database.MySQL

┌───────────────────────────────────────────────────┐
│ Fiber v2.52.9 │
│ http://[::]:8080 │
│ │
│ Handlers ............ 28 Processes ........... 1 │
│ Prefork ....... Disabled PID ............. 24704 │
└───────────────────────────────────────────────────┘

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/Finb/bark-server/pull/319 **Author:** [@xinlon-z](https://github.com/xinlon-z) **Created:** 11/16/2025 **Status:** ✅ Merged **Merged:** 11/17/2025 **Merged by:** [@Finb](https://github.com/Finb) **Base:** `master` ← **Head:** `master` --- ### 📝 Commits (1) - [`4b237f8`](https://github.com/Finb/bark-server/commit/4b237f8c78051837f4e882557d4959a4988fe906) Add MySQL TLS/SSL support ### 📊 Changes **2 files changed** (+98 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `database/mysql.go` (+52 -0) 📝 `main.go` (+46 -1) </details> ### 📄 Description Hi maintainer, This PR adds optional TLS/SSL support for MySQL connections in Bark Server. It allows the server to connect to MySQL securely using a CA certificate, and optionally a client certificate + key. MySQL TLS/SSL is disabled by default, so existing setups continue to work without any changes. And I have added the following CLI flags to support this feature: Flag | Type | Default | Description | |-------------------------|-------|---------|-------------| | `--mysql-tls` | bool | false | Enables TLS when connecting to the MySQL server. | | `--mysql-skip-verify` | bool | false | Skips verification of the server’s certificate chain (use with caution). | | `--mysql-cert` | path | "" | Path to the client certificate (`client-cert.pem`). | | `--mysql-key` | path | "" | Path to the client private key (`client-key.pem`). | | `--mysql-ca` | path | "" | Path to the CA certificate used to verify the MySQL server. | Example usage: ./bark-server \ --dsn "user:pass@tcp(host:port)/dbname" \ --mysql-tls \ --mysql-ca /path/to/ca.pem \ --mysql-client-cert /path/to/client-cert.pem \ --mysql-client-key /path/to/client-key.pem \ --mysql-tls-skip-verify I have fully validated it with MySQL 8.4.7 locally: xinlon@ubuntu-pc:~/work/bark-server$ ./bark-server --dsn "bark:test_passwd@tcp(192.168.11.22:3306)/Bark_Server" --mysql-ca /home/xinlon/ca.pem --mysql-client-cert /home/xinlon/client-cert.pem --mysql-client-key /home/xinlon/client-key.pem --mysql-tls --mysql-tls-skip-verify 2025-11-16 12:12:06 INFO create apns client: 0 2025-11-16 12:12:06 INFO init apns client success... 2025-11-16 12:12:06 INFO Bark Server Has No Basic Auth. 2025-11-16 12:12:06 INFO load route [register_compat] success... 2025-11-16 12:12:06 INFO load route [misc] success... 2025-11-16 12:12:06 INFO load route [push] success... 2025-11-16 12:12:06 INFO load route [register] success... 2025-11-16 12:12:06 INFO load route [push_compat] success... 2025-11-16 12:12:06 INFO MySQL TLS CA: /home/xinlon/ca.pem 2025-11-16 12:12:06 INFO MySQL TLS client cert: /home/xinlon/client-cert.pem 2025-11-16 12:12:06 INFO MySQL TLS client key: /home/xinlon/client-key.pem 2025-11-16 12:12:06 INFO Server certificate verification skipped: true 2025-11-16 12:12:06 INFO Bark Server Listen at: 0.0.0.0:8080 , Database: *database.MySQL ┌───────────────────────────────────────────────────┐ │ Fiber v2.52.9 │ │ http://[::]:8080 │ │ │ │ Handlers ............ 28 Processes ........... 1 │ │ Prefork ....... Disabled PID ............. 24704 │ └───────────────────────────────────────────────────┘ --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem 2026-03-03 11:57:14 +03:00

• closed this issue
• added the
  pull-request
  label

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

dependabot/go_modules/github.com/buger/jsonparser-1.1.2

dependabot/go_modules/github.com/gofiber/fiber/v2-2.52.12

dependabot/go_modules/filippo.io/edwards25519-1.1.1

v2.3.4

v2.3.3

v2.3.2

v2.3.1

v2.3.0

v2.2.9

v2.2.8

v2.2.7

v2.2.6

v2.2.5

v2.2.4

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.9

v2.1.8

v2.1.7

v2.1.6

v2.1.5

v2.1.4

v2.1.2-4-gbebf1cc

v2.1.3

v2.1.2

v2.1.1

v2.1.0

v2.0.3

v2.0.2

v2.0.1

v2.0.0

v1.0.2

v1.0.1

1.0.0-build2

1.0.0

Labels

Clear labels   

enhancement

  

in progress

  

need test

  

pull-request

Mirrored from GitHub Pull Request

  

v2

  

v2

No labels

enhancement

in progress

need test

pull-request

v2

v2

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/bark-server#318

No description provided.