search

sfackler / rust-postgres

Native PostgreSQL driver for the Rust programming language
Apache License 2.0
3.52k stars 446 forks source link

Helper for switching on sslmode and MakeTlsConnect<Socket> #1139

Closed ryandotsmith closed 6 months ago

ryandotsmith commented 6 months ago

Hello. I would like to make a function that uses the config to determine if we should build a connection using NoTls or an SslConnector but I'm having a difficult time lining up the types. Any suggestions?

fn get_tls_connector(cfg: &Config) -> postgres_openssl::MakeTlsConnector {
    match cfg.get_ssl_mode() {
        tokio_postgres::config::SslMode::Prefer | tokio_postgres::config::SslMode::Require => {
            let mut builder = SslConnector::builder(SslMethod::tls()).unwrap();
            builder.set_verify(SslVerifyMode::NONE);
            MakeTlsConnector::new(builder.build())
        }
        _ => NoTls,
    }
}
sfackler commented 6 months ago

Why do you need to do that instead of just always using the real connector?

ryandotsmith commented 6 months ago

I would need to do that if I was unaware that connecting to a locally running postgres over tls is a perfectly fine thing to do ;)

thank you

sfackler commented 6 months ago

You don't even need to connect over TLS - a connector like postgres_openssl allows you to connect with TLS, it doesn't require it.

ryandotsmith commented 6 months ago

I was wondering about that. Good to know. Is there ever a reason to use NoTls?

sfackler commented 6 months ago

If you know you're not going to use TLS it avoids some extra dependencies.