ParseConfig currently treats the libpq "verify-ca" SSL mode as
"verify-full". This is okay from a security standpoint because
"verify-full" performs certificate verification and hostname
verification, whereas "verify-ca" only performs certificate
verification.
The downside to this approach is that checking the hostname is
unnecessary when the server's certificate has been signed by a private
CA. It can also cause the SSL handshake to fail when connecting to an
instance by IP. For example, a Google Cloud SQL instance typically
doesn't have a hostname and uses its own private CA to sign its
server and client certs.
This change uses the tls.Config.VerifyPeerCertificate function to
perform certificate verification without checking the hostname when the
"verify-ca" SSL mode is set. This brings pgconn's behavior closer to
that of libpq.
See https://github.com/golang/go/issues/21971#issuecomment-332693931
and https://pkg.go.dev/crypto/tls?tab=doc#example-Config-VerifyPeerCertificate
for more details on how this is implemented.
Added convenient way to check whether a statement was a select, insert,
update, or delete. These methods do not allocate.
RowsAffected now does not allocate even when a large number of rows are
affected. It also is multiple times faster, though the absolute change
is inconsequential.
PostgreSQL 9.3 is EOL so it doesn't make sense for pgconn to
specifically support. There are no known incompatibilities but it will
not longer be tested.
Original implementation: 2d9d8dc52ac211c6191c08e050c03588aa633038 by
Joshua Barone <joshua.barone@gmail.com>.
Also changed DSN tests to use "dbname" as key rather than "database" as
that is what the PostgreSQL documentation specifies. "database" still
actually works but it should not be encouraged as it is non-standard.
