-
Notifications
You must be signed in to change notification settings - Fork 76
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Additional SSL configuration for database #433
Labels
enhancement
New feature or behavior
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Right now, the Backend database config provides limited support around SSL. The config may include an optional
ssl
property, which if specified, must betrue
. Whenssl
istrue
,rejectUnauthorized
is automatically specified asfalse
. We set it up this way because Slonik provided limited configuration around SSL and seemed to setrejectUnauthorized
tofalse
. We also wanted to ensure that Slonik and Knex connect to the database in the same way. (For additional background, see #377 and #394.)That said, the latest release of Slonik (v25.1.0) provides additional options around SSL: see gajus/slonik#159 and gajus/slonik@6c3b178. It looks like it's now possible to use SSL without setting
rejectUnauthorized
tofalse
.I think this is a useful change, but I also think it might be a breaking change for us. Slonink seems to no longer use
pg-connection-string
to parse the connection string. Relatedly, it seems to no longer supportssl
as a query parameter: it wants SSL options to be specified in a different way.I think we'll need to look more into this before upgrading to v25.1.0 or later. It's also nice that this would provide a way for us to support additional SSL configuration.
CC also @florianm, who I know is interested in these options.
The text was updated successfully, but these errors were encountered: