search

leafo / pgmoon

A pure Lua Postgres driver for use in OpenResty & more
MIT License
397 stars 93 forks source link

fix: pass ssl_version to luasec_opts #96

Closed ghost closed 3 years ago

ghost commented 4 years ago

It seems like the ssl_version parameter is needed by the luasec_opts table in order to do properly do the SSL handshake: https://github.com/leafo/pgmoon/blob/v1.11.0/pgmoon/init.lua#L589

Otherwise we would get an error like the following when calling pg:connect() to a server that accepts only TLS 1.2:

tlsv1 alert protocol version

Since the default is TLS 1.1: https://github.com/leafo/pgmoon/blob/v1.11.0/pgmoon/socket.lua#L52

With the introduction of version 12.x of Postgres, it gives you the ability to set the min and max TLS version.

ssl_min_protocol_version: https://www.postgresql.org/docs/12/runtime-config-connection.html#GUC-SSL-MIN-PROTOCOL-VERSION

ssl_max_protocol_version: https://www.postgresql.org/docs/12/runtime-config-connection.html#GUC-SSL-MAX-PROTOCOL-VERSION

So if one sets ssl_min_protocol_version to TLSv1.2 the above error will be thrown.

ghost commented 4 years ago

@leafo @ttfkam can you take a look?

ghost commented 4 years ago

@leafo @ttfkam any updates?

ghost commented 4 years ago

@leafo updated the init.moon with the changes too

leafo commented 3 years ago

Thanks for the patch, sorry I wasn't able to get it merged sooner. New version of pgmoon going out shortly.