sfackler / rust-postgres

Native PostgreSQL driver for the Rust programming language
Apache License 2.0

Question: tokio_postgres: ssl: how to implement ssl rejectUnauthorized false #1033

Closed knnmran closed 1 year ago

knnmran commented 1 year ago

I am not able to connect to the RDS Postgres database using tokio_postgres.

I was trying to recreate the working node-pg config with SSL rejectUnauthorized false.

Here is my working node-pg config.

const config = {
  host: 'some_host',
  port: 5432,
  database: 'some_db_name',
  user: 'some_username',
  password: 'some_password',
  // this object will be passed to the TLSSocket constructor
  ssl: {
    rejectUnauthorized: false
  },
}

Here is my tokio_postgres config:

use log::error;
use tokio_postgres::{config::SslMode, Config, NoTls};

let mut config = Config::new();

let (client, connection) = config
     .host("some_host")
     .port(5432)
     .dbname("some_db_name")
     .user("some_username")
     .password("some_password")
     // .ssl_mode(SslMode::Disable)
     // .ssl_mode(SslMode::Prefer)
     // .ssl_mode(SslMode::Require)
     .connect(NoTls)
     .await?;

tokio::spawn(async move {
     if let Err(e) = connection.await {
         error!("connection error: {}", e);
     }
});

Errors I am getting:

// .ssl_mode(SslMode::Disable) -> SqlState(E28000) "no pg_hba.conf entry for host \"some_host\" ... , no encryption"
// .ssl_mode(SslMode::Prefer)  -> SqlState(E28000) "no pg_hba.conf entry for host \"some_host\" ... , no encryption"
// .ssl_mode(SslMode::Require) -> Error { kind: Tls, cause: Some(NoTlsError()) }

Notes: I am able to connect using DBeaver without setting up an SSL/TLS connection.

The pg_stat_ssl table displays the result for both the DBeaver and node-pg connections as ssl = true, version = TLSv1.2, cipher = AES128-SHA256.

Server: PostgreSQL 14.6

I have tried implementing postgres_native_tls without the cert (because we are not using certs), thinking that might help, but the connection is still refused.

Node.js docs on SSL rejectUnauthorized: nodejs-tls_class_tls_tlssocket

sfackler commented 1 year ago

What was the error when using native-tls?

knnmran commented 1 year ago

Some(Error { code: -67843, message: "The certificate was not trusted."})

use log::error;
use native_tls::TlsConnector;
use postgres_native_tls::MakeTlsConnector;
use tokio_postgres::Config;

let connector = TlsConnector::builder().build()?;
let connector = MakeTlsConnector::new(connector);

let mut config = Config::new();

let (client, connection) = config
     .host("some_host")
     .port(5432)
     .dbname("some_db_name")
     .user("some_username")
     .password("some_password")
     .connect(connector)
     .await?;

tokio::spawn(async move {
     if let Err(e) = connection.await {
         error!("connection error: {}", e);
     }
});

sfackler commented 1 year ago

https://docs.rs/native-tls/latest/native_tls/struct.TlsConnectorBuilder.html#method.danger_accept_invalid_certs

knnmran commented 1 year ago

Concentrating on the tokio_postgres code, I missed out on the other parts. New-to-Rust problems.

Thanks @sfackler. I am able to connect now.

use log::error;
use native_tls::TlsConnector;
use postgres_native_tls::MakeTlsConnector;
use tokio_postgres::Config;

let connector = TlsConnector::builder()
     .danger_accept_invalid_certs(true)
     .build()?;
let connector = MakeTlsConnector::new(connector);

let mut config = Config::new();

let (client, connection) = config
     .host("some_host")
     .port(5432)
     .dbname("some_db_name")
     .user("some_username")
     .password("some_password")
     .connect(connector)
     .await?;

tokio::spawn(async move {
     if let Err(e) = connection.await {
         error!("connection error: {}", e);
     }
});