No documentation for SSL #159

Closed
SkeLLLa opened this issue Mar 9, 2020 · 5 comments

SkeLLLa commented Mar 9, 2020

The Slonik lib doesn't have any documentation regarding SSL. Also, I didn't find any way of passing the rejectUnauthorized option to the underlying pg.

Is it available? Or is it not implemented yet?

Thanks.

SkeLLLa added the bug label Mar 9, 2020
Contributor

hjr3 commented Jul 13, 2020

This is not currently possible because https://github.com/brianc/node-postgres/tree/master/packages/pg-connection-string does not support setting this parameter into the ssl object. One of two things needs to happen:

  1. Slonik accepts a connection object.
  2. pg-connection-string connection string is updated to support something like var connectionString = 'pg:///?sslRejectAuthorization=true';

aimee-gm commented Aug 8, 2020

@SkeLLLa as of v8.1.0 of pg, this can be configured using a query parameter on the connection string, or an environment variable: https://github.com/brianc/node-postgres/blob/f0bf3cda7b05be77e84c067a231bbb9db7c96c39/CHANGELOG.md#pg810

@matthew-white

Slonik itself seems to specify false for rejectUnauthorized when SSL options are specified:

if (poolConfiguration.ssl) {
  poolConfiguration.ssl = {
    rejectUnauthorized: false,
    ...poolConfiguration.ssl,
  };
}

However, I don't see a way to specify true. Slonik uses pg-connection-string, but I don't see a pg-connection-string option that would result in true for rejectUnauthorized. (There's sslmode=no-verify, but that sets rejectUnauthorized to false.) Similarly, pg looks at the PGSSLMODE environment variable, but there doesn't seem to be a way to use that to set rejectUnauthorized to true. (There's also the pg option ssl=no-verify, but I think pg-connection-string will parse that out, and again, that sets rejectUnauthorized to false.)
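
Added example, not part of the thread and not Slonik's own code: it reproduces the merge quoted in the comment above and shows which constructed configurations end up with server-certificate verification. `applySslDefault`, `effectiveTls`, `auditSamples` and the sample hosts are hypothetical names, and the `explicit` case assumes an ssl object carrying `rejectUnauthorized: true` can reach the merge at all.

```javascript
// Added illustration; not code from Slonik, pg, or pg-connection-string.
// applySslDefault() reproduces the merge quoted in the comment above.
// effectiveTls(), auditSamples() and the sample configs are hypothetical.

function applySslDefault(poolConfiguration) {
  const merged = { ...poolConfiguration };
  if (merged.ssl) {
    merged.ssl = {
      rejectUnauthorized: false, // default from the quoted snippet
      ...merged.ssl,             // caller-supplied keys override the default
    };
  }
  return merged;
}

// Classify what a merged configuration means for server-certificate checks.
function effectiveTls(poolConfiguration) {
  const { ssl } = applySslDefault(poolConfiguration);
  if (!ssl) return 'no-tls';
  return ssl.rejectUnauthorized === true ? 'tls-verified' : 'tls-unverified';
}

// Constructed sample inputs (hosts and PEM values are placeholders).
const samples = {
  noSsl: { host: 'db.example.internal' },
  // Spreading the boolean `true` adds no keys, so only the default remains.
  sslTrue: { host: 'db.example.internal', ssl: true },
  // A CA is supplied, but the default still switches verification off.
  caOnly: { host: 'db.example.internal', ssl: { ca: '<PEM placeholder>' } },
  explicit: {
    host: 'db.example.internal',
    ssl: { ca: '<PEM placeholder>', rejectUnauthorized: true },
  },
};

function auditSamples() {
  return Object.fromEntries(
    Object.entries(samples).map(([name, cfg]) => [name, effectiveTls(cfg)])
  );
}

console.log(auditSamples());
```

The `caOnly` case is the one to check for in deployed configurations: providing a CA bundle alone does not turn verification on under this merge.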

Owner

gajus commented Aug 2, 2021

Would be open to a custom pg-connection-string implementation that respects these settings. Never got around to doing it myself, though that is a pretty simple and valuable contribution anyone could make.

Owner

gajus commented Nov 15, 2021

You now have two options:
