You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Right now, the Backend database config provides limited support around SSL. The config may include an optional ssl property, which if specified, must be true. When ssl is true, rejectUnauthorized is automatically specified as false. We set it up this way because Slonik provided limited configuration around SSL and seemed to set rejectUnauthorized to false. We also wanted to ensure that Slonik and Knex connect to the database in the same way. (For additional background, see #377 and #394.)
That said, the latest release of Slonik (v25.1.0) provides additional options around SSL: see gajus/slonik#159 and gajus/slonik@6c3b178. It looks like it's now possible to use SSL without setting rejectUnauthorized to false.
I think this is a useful change, but I also think it might be a breaking change for us. Slonink seems to no longer use pg-connection-string to parse the connection string. Relatedly, it seems to no longer support ssl as a query parameter: it wants SSL options to be specified in a different way.
I think we'll need to look more into this before upgrading to v25.1.0 or later. It's also nice that this would provide a way for us to support additional SSL configuration.
CC also @florianm, who I know is interested in these options.
The text was updated successfully, but these errors were encountered:
Right now, the Backend database config provides limited support around SSL. The config may include an optional
sslproperty, which if specified, must betrue. Whensslistrue,rejectUnauthorizedis automatically specified asfalse. We set it up this way because Slonik provided limited configuration around SSL and seemed to setrejectUnauthorizedtofalse. We also wanted to ensure that Slonik and Knex connect to the database in the same way. (For additional background, see #377 and #394.)That said, the latest release of Slonik (v25.1.0) provides additional options around SSL: see gajus/slonik#159 and gajus/slonik@6c3b178. It looks like it's now possible to use SSL without setting
rejectUnauthorizedtofalse.I think this is a useful change, but I also think it might be a breaking change for us. Slonink seems to no longer use
pg-connection-stringto parse the connection string. Relatedly, it seems to no longer supportsslas a query parameter: it wants SSL options to be specified in a different way.I think we'll need to look more into this before upgrading to v25.1.0 or later. It's also nice that this would provide a way for us to support additional SSL configuration.
CC also @florianm, who I know is interested in these options.
The text was updated successfully, but these errors were encountered: