mwild1 / luadbi

Multi-backend SQL database library for Lua
MIT License
42 stars 15 forks source link

Support SSL connection options #44

Open abeluck opened 6 years ago

abeluck commented 6 years ago

Both postgresql and mysql support SSL connections and have various options that need to be supplied by the client. Presumably Oracle does too.

We would love to be able to connect our prosody instance to a remote database server over SSL.

abeluck commented 6 years ago

Since each provider has its own ssl semantics, I wonder if the best approach is to abstract and provide some sort of common ssl opts interface. But then what about other reasonable provider-specific opts that users might want implemented?

Maybe instead a strategy would be to have a generic config hash that can be plumbed down so each driver can be their own special snowflake.

abeluck commented 6 years ago

It turns out in the postgres case that you can actually connect with SSL certs by providing a conninfo string to the database parameter like:

// in lua
database = "sslmode=require host=10.34.0.3 dbname=actual_databae_name;

"If the dbName contains an = sign or has a valid connection URI prefix, it is taken as a conninfo string" https://www.postgresql.org/docs/9.6/static/libpq-connect.html

Then in /var/lib/prosody/.postgresql/ you place your ca cert and client keypair.

There are tons of options/flags you can add to a conninfo string: https://www.postgresql.org/docs/9.6/static/libpq-connect.html#LIBPQ-PARAMKEYWORDS

So maybe this is just a documentation issue?