Closed andreafspeziale closed 3 years ago
Which version of pg are you using, via pg-promise?
Note: it’s probably best not to set rejectUnauthorized: false
if you’re aiming for sslmode=verify-full
.
Thanks @charmander, I thought it was conflicting by checking a self signed cert. I will change it to true
but the error still persists.
Here is my package.json
{
"name": "psql-ssl-poc",
"version": "1.0.0",
"description": "Testing SSL connection with local PSQL instance",
"main": "index.js",
"scripts": {
"start": "nodemon --watch 'src/**/*.ts' --exec 'ts-node' src/index.ts"
},
"keywords": [
"psql",
"ssl",
"ts"
],
"author": "Andrea Speziale",
"license": "ISC",
"devDependencies": {
"@types/node": "^14.14.6",
"nodemon": "^2.0.6",
"ts-node": "^9.0.0",
"typescript": "^4.0.5"
},
"dependencies": {
"pg-promise": "^10.7.1"
}
}
"pg-promise": "^10.7.1"
Some of the versions of pg-promise this can match depend on pg 8.4.1, which is affected by #2392. You need pg 8.5.0 or later, meaning pg-promise 10.7.4 or later. Can you check your package-lock.json for the specific versions in use?
Thanks for the hint! In fact it is actually using:
"pg": {
"version": "8.4.1",
"resolved": "https://registry.npmjs.org/pg/-/pg-8.4.1.tgz",
"integrity": "sha512-NRsH0aGMXmX1z8Dd0iaPCxWUw4ffu+lIAmGm+sTCwuDDWkpEgRCAHZYDwqaNhC5hG5DRMOjSUFasMWhvcmLN1A==",
"requires": {
"buffer-writer": "2.0.0",
"packet-reader": "1.0.0",
"pg-connection-string": "^2.4.0",
"pg-pool": "^3.2.1",
"pg-protocol": "^1.3.0",
"pg-types": "^2.1.0",
"pgpass": "1.x"
}
},
I've updated it in my POC and now it is:
"pg": {
"version": "8.5.1",
"resolved": "https://registry.npmjs.org/pg/-/pg-8.5.1.tgz",
"integrity": "sha512-9wm3yX9lCfjvA98ybCyw2pADUivyNWT/yIP4ZcDVpMN0og70BUWYEGXPCTAQdGTAqnytfRADb7NERrY1qxhIqw==",
"requires": {
"buffer-writer": "2.0.0",
"packet-reader": "1.0.0",
"pg-connection-string": "^2.4.0",
"pg-pool": "^3.2.2",
"pg-protocol": "^1.4.0",
"pg-types": "^2.1.0",
"pgpass": "1.x"
}
},
and I'm super happy because it is perfectly working.
Thank you so much @charmander I believe we can consider this issue closed.
Hello guys and thanks for your hard work.
I've managed to create a local development environment which uses PSQL and self-signed certificates. (Some hints here)
My docker-compose
My snippet code:
The problem is that even If I'm able to successfully verify the certs:
openssl verify -CAfile src/client/ca.crt -purpose sslclient src/client/client.crt
=>src/client/client.crt: OK
and even If I'm able to successfully connect to the PSQL server by command line:
I have the following error running the upper code snippet:
Thanks in advance!