add pgsql ssl mode support (ref #1600) (#1623)

install.php

@@ -926,7 +926,7 @@ function install_step_2_perform()
             'dbDatabase' => null,
             'dbEngine' => 'InnoDB',
             'dbSslCa' => null,
-            'dbSslVerify' => 'on',
+            'dbSslVerify' => 'off',
         ],
         'Pgsql' => [
             'dbHost' => 'localhost',
@@ -935,6 +935,7 @@ function install_step_2_perform()
             'dbPassword' => null,
             'dbCharset' => 'utf8',
             'dbDatabase' => null,
+            'dbSslVerify' => 'off',
         ],
         'SQLite' => [
             'dbFile' => __TYPECHO_ROOT_DIR__ . '/usr/' . uniqid() . '.db'
@@ -956,7 +957,7 @@ function install_step_2_perform()
             'dbAdapter' => $request->getServer('TYPECHO_DB_ADAPTER', install_get_current_db_driver()),
             'dbNext' => $request->getServer('TYPECHO_DB_NEXT', 'none'),
             'dbSslCa' => $request->getServer('TYPECHO_DB_SSL_CA'),
-            'dbSslVerify' => $request->getServer('TYPECHO_DB_SSL_VERIFY', 'on'),
+            'dbSslVerify' => $request->getServer('TYPECHO_DB_SSL_VERIFY', 'off'),
         ];
     } else {
         $config = $request->from([
@@ -1024,6 +1025,7 @@ function install_step_2_perform()
                 ->addRule('dbCharset', 'required', _t('确认您的配置'))
                 ->addRule('dbCharset', 'enum', _t('确认您的配置'), ['utf8'])
                 ->addRule('dbDatabase', 'required', _t('确认您的配置'))
+                ->addRule('dbSslVerify', 'enum', _t('确认您的配置'), ['on', 'off'])
                 ->run($config);
             break;
         case 'SQLite':
@@ -1058,7 +1060,7 @@ function install_step_2_perform()
 
     // bool ssl verify
     if (isset($dbConfig['sslVerify'])) {
-        $dbConfig['sslVerify'] = $dbConfig['sslVerify'] == 'on';
+        $dbConfig['sslVerify'] = $dbConfig['sslVerify'] == 'on' || !empty($dbConfig['sslCa']);
     }
 
     if (isset($dbConfig['file']) && preg_match("/^[a-z0-9]+\.[a-z0-9]{2,}$/i", $dbConfig['file'])) {

install/Mysql.php

@@ -76,8 +76,8 @@
         <li>
             <label class="typecho-label" for="dbSslVerify"><?php _e('启用数据库 SSL 服务端证书验证'); ?></label>
             <select name="dbSslVerify" id="dbSslVerify">
-                <option value="on"><?php _e('启用'); ?></option>
                 <option value="off"><?php _e('不启用'); ?></option>
+                <option value="on"><?php _e('启用'); ?></option>
             </select>
         </li>
     </ul>

install/Pgsql.php

@@ -6,13 +6,6 @@
         <p class="description"><?php _e('您可能会使用 "%s"', 'localhost'); ?></p>
     </li>
 </ul>
-<ul class="typecho-option">
-    <li>
-        <label class="typecho-label" for="dbPort"><?php _e('数据库端口'); ?></label>
-        <input type="text" class="text" name="dbPort" id="dbPort" value="5432"/>
-        <p class="description"><?php _e('如果您不知道此选项的意义, 请保留默认设置'); ?></p>
-    </li>
-</ul>
 <ul class="typecho-option">
     <li>
         <label class="typecho-label" for="dbUser"><?php _e('数据库用户名'); ?></label>
@@ -34,4 +27,28 @@
     </li
 </ul>
 
-<input type="hidden" name="dbCharset" value="utf8" />
+
+<details>
+    <summary>
+        <strong><?php _e('高级选项'); ?></strong>
+    </summary>
+    <ul class="typecho-option">
+        <li>
+            <label class="typecho-label" for="dbPort"><?php _e('数据库端口'); ?></label>
+            <input type="text" class="text" name="dbPort" id="dbPort" value="5432"/>
+            <p class="description"><?php _e('如果您不知道此选项的意义, 请保留默认设置'); ?></p>
+        </li>
+    </ul>
+
+    <input type="hidden" name="dbCharset" value="utf8" />
+
+    <ul class="typecho-option">
+        <li>
+            <label class="typecho-label" for="dbSslVerify"><?php _e('启用数据库 SSL 服务端证书验证'); ?></label>
+            <select name="dbSslVerify" id="dbSslVerify">
+                <option value="off"><?php _e('不启用'); ?></option>
+                <option value="on"><?php _e('启用'); ?></option>
+            </select>
+        </li>
+    </ul>
+</details>

var/Typecho/Db/Adapter/Pdo/Pgsql.php

@@ -62,8 +62,14 @@ class Pgsql extends Pdo
      */
     public function init(Config $config): \PDO
     {
+        $dsn = "pgsql:dbname={$config->database};host={$config->host};port={$config->port}";
+
+        if ($config->sslVerify) {
+            $dsn .= ';sslmode=require';
+        }
+
         $pdo = new \PDO(
-            "pgsql:dbname={$config->database};host={$config->host};port={$config->port}",
+            $dsn,
             $config->user,
             $config->password
         );

var/Typecho/Db/Adapter/Pgsql.php

@@ -42,6 +42,10 @@ class Pgsql implements Adapter
         $dsn = "host={$config->host} port={$config->port}"
             . " dbname={$config->database} user={$config->user} password={$config->password}";
 
+        if ($config->sslVerify) {
+            $dsn .= ' sslmode=require';
+        }
+
         if ($config->charset) {
             $dsn .= " options='--client_encoding={$config->charset}'";
         }