Build out SSL testing infrastructure

[sfackler]

We should really be running Postgres both with SSL on and off to fully test the different SslModes.

[mfirry]

Slightly related, I need to connect to a Heroku based postgres instance and they require to user ssl=require. Haven't found any example here doing it.

[sfackler]

You'd pass SslMode::Require to Connection::connect. Require holds an SslContext from rust-openssl, which you'll need to configure a bit if you want things like host key verification (which you almost certainly do).

[mfirry]

Ok cool. I don't think there's much to configure (I mean I've used Heroku's postgres from other platform and literally all I needed was to add ssl=require*).

I'm having issues using rust-openssl actually. Any chance to find a simple example with SslMode::Require here soon?

*https://devcenter.heroku.com/articles/connecting-to-heroku-postgres-databases-from-outside-of-heroku#ssl

[sfackler]

What problems are you having with it?

[mfirry]

Here's what I'm trying to do (newbie alert!):

let ctx = SslContext::new(Sslv23).unwrap();
let conn = Connection::connect("postgres://user@localhost", &SslMode::Require(ctx));

now to do that I had to add

extern crate openssl;

and also import

use ssl::SslMethod::Sslv23;
use ssl::SslContext;

and now I'm getting error: unresolved importssl::SslContext.

What am I missing?

[sfackler]

use openssl::ssl::SslMethod::Sslv23;
use openssl::ssl::SslContext;

[mfirry]

Awesome! Thanks!

[asultanpur]

This doesn't work with with recent versions, I'm using 0.9.1. How do I enable SSL? I am unable to figure out what I should pass to SslMode::Require.

[sfackler]

@asultanpur enable the openssl feature on rust-postgres in your Cargo.toml and then pass an SslContext to Require: https://github.com/sfackler/rust-postgres/blob/master/tests/test.rs#L628-L635

[asultanpur]

Sorry for confirming late, it works. Thank you.

[umegaya]

disclaimer: I'm new to rust (3 days). so I may misunderstand very fundamental thing.

I cannot get compiled ssl-enabled mode initialization. its almost like following:

let ctx = Box::new(SslContext::new(SslMethod::Sslv23).unwrap());
let conn = try!(Connection::connect(url, &SslMode::Require(ctx)));

Im using 0.10, and I add openssl feature to Cargo.toml like that.

[features]
default = ["with_syntex", "openssl"]
nightly = ["serde_macros", "openssl"]
with_syntex = ["serde_codegen", "syntex"]

then compiler reports following error:

the trait `postgres::io::NegotiateSsl` is not implemented for the type `openssl::ssl::SslContext`

seems openssl feature does not have effect. (src/io/mod.rs)

but even if I also try feature flag to cargo directly

cargo build --features="openssl"

same error reports again. am I missing something? thanks in advance.

[sfackler]

You'll want to make sure your Cargo.toml activates rust-postgres's openssl feature. For example

[features]
my_ssl_feature = ["openssl", "postgres/openssl"]

[umegaya]

hi, I manage to compile my code. thank you for your quick response! spend happy X'mas :D

[sfackler]

Awesome!