Open OliverBrotchie opened 4 years ago
Unfortunately Deno itself does not support enough configurability in connectTls
/startTls
to implement this. I am familiar with sslmode
in libpq, which is why instead of enableTls: boolean
I named the option sslMode
, expecting in the future to support more of them. But as I said: Deno support is a prerequisite here.
Unlike Amazon RDS (which works OK), Heroku PostgreSQL uses self-signed certificates. An alternative to require
would be to pass the certificate itself as certFile
and have it be trusted, but even this does not work as Deno has problems accepting self-signed certs. Bug here.
I attempted to get self signed certs working but to no avail. They may have been invalid but I followed Heroku's tutorial on self signed certs along with alternatives, but all returned errors.
Currently the only supported SSL mode is verify-full or disable but it does not support 'require' or 'prefer'. For example, to connect to Heroku PostgreSQL instance, it needs to be in 'require' mode.
https://www.postgresql.org/docs/12/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS
If you add those options, it would be a huge help!