Greg Curtis 4ed48d05d2 Implement "verify-ca" SSL mode
ParseConfig currently treats the libpq "verify-ca" SSL mode as
"verify-full". This is okay from a security standpoint because
"verify-full" performs certificate verification and hostname
verification, whereas "verify-ca" only performs certificate
verification.

The downside to this approach is that checking the hostname is
unnecessary when the server's certificate has been signed by a private
CA. It can also cause the SSL handshake to fail when connecting to an
instance by IP. For example, a Google Cloud SQL instance typically
doesn't have a hostname and uses its own private CA to sign its
server and client certs.

This change uses the tls.Config.VerifyPeerCertificate function to
perform certificate verification without checking the hostname when the
"verify-ca" SSL mode is set. This brings pgconn's behavior closer to
that of libpq.

See https://github.com/golang/go/issues/21971#issuecomment-332693931
and https://pkg.go.dev/crypto/tls?tab=doc#example-Config-VerifyPeerCertificate
for more details on how this is implemented.
2020-03-17 23:36:06 -07:00


pgconn

Package pgconn is a low-level PostgreSQL database driver. It operates at nearly the same level as the C library libpq. It is primarily intended to serve as the foundation for higher level libraries such as https://github.com/jackc/pgx. Applications should handle normal queries with a higher level library and only use pgconn directly when required for low-level access to PostgreSQL functionality.

Example Usage

package main

import (
	"context"
	"fmt"
	"log"
	"os"

	"github.com/jackc/pgconn"
)

func main() {
	pgConn, err := pgconn.Connect(context.Background(), os.Getenv("DATABASE_URL"))
	if err != nil {
		log.Fatalln("pgconn failed to connect:", err)
	}
	defer pgConn.Close(context.Background())

	// The id is sent as a bound parameter ($1), not spliced into the SQL text.
	result := pgConn.ExecParams(context.Background(), "SELECT email FROM users WHERE id=$1", [][]byte{[]byte("123")}, nil, nil, nil)
	for result.NextRow() {
		fmt.Println("User 123 has email:", string(result.Values()[0]))
	}
	_, err = result.Close()
	if err != nil {
		log.Fatalln("failed reading result:", err)
	}
}

Testing

The pgconn tests require a PostgreSQL database. They connect to the database specified in the PGX_TEST_CONN_STRING environment variable, which can be a URL or a DSN. In addition, the standard PG* environment variables are respected. Consider using direnv to simplify environment variable handling.

Example Test Environment

Connect to your PostgreSQL server and run:

create database pgx_test;

Now you can run the tests:

PGX_TEST_CONN_STRING="host=/var/run/postgresql dbname=pgx_test" go test ./...

Connection and Authentication Tests

Pgconn supports multiple connection types and means of authentication. These tests are optional and only run if the appropriate environment variable is set. Run go test -v | grep SKIP to see if any tests are being skipped. Most developers will not need to enable these tests. See travis.yml for an example setup if you need to change authentication code.
