Skip certificate verification for sslmode "require"

This more appropriately aligns the behaviour of the library with
that advertised by the postgres documentation.

According to the table on the official documentation page
https://www.postgresql.org/docs/current/static/libpq-ssl.html,
the "require" mode should be used when:

"I want my data to be encrypted, and I accept the overhead. I trust that the network will make sure I always connect to the server I want."

This maps reasonably well to a TLS config that skips certificate verification.
pull/319/head
Johan Brandhorst 2017-09-08 20:44:10 +01:00 committed by GitHub
parent b70fb1c7cf
commit 30fa7cc37f
1 changed files with 3 additions and 1 deletions

@ -711,7 +711,9 @@ func configSSL(sslmode string, cc *ConnConfig) error {
cc.TLSConfig = &tls.Config{InsecureSkipVerify: true}
cc.UseFallbackTLS = true
cc.FallbackTLSConfig = nil
case "require", "verify-ca", "verify-full":
case "require":
cc.TLSConfig = &tls.Config{InsecureSkipVerify: true}
case "verify-ca", "verify-full":
cc.TLSConfig = &tls.Config{
ServerName: cc.Host,
}
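Review bot: The new `case "require":` branch sets `InsecureSkipVerify: true` without a comment, so callers who previously got certificate chain and host name checks under sslmode "require" (it used to share the `ServerName: cc.Host` config) lose both silently on upgrade. Add a comment on that line saying "require" now provides encryption only, with no protection against an active man-in-the-middle, and call the behaviour change out in the changelog so users who need server authentication move to "verify-full". Separately, `case "verify-ca", "verify-full":` still shares one config with `ServerName: cc.Host`, so "verify-ca" keeps checking the host name, which the libpq table describes only for "verify-full". If the goal is to match that table, this case needs splitting as well. The commit touches a single file, so there is no test covering the new "require" behaviour; a test that connects with "require" to a server presenting an untrusted certificate would pin it down.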