Closed Sn0wfreezeDev closed 1 year ago
AWS databases use self-signed certificates; you need to pass a root cert or node cert to trust in the TLS configuration. You can find where to get these at https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html (may be different if it's managed by Heroku).
Okay, then I made an error when trying to verify the cert with the openssl CLI. Heroku does not mention that the certificates are self-signed or signed by an untrusted CA. For Node.js they require that unauthorized certificates are not rejected. To me this sounds a bit unsafe. The URL might have a solution to the problem. Thanks for that 😊
Here's the documentation from Heroku: https://devcenter.heroku.com/articles/connecting-heroku-postgres#connection-permissions
That's the Node.js Config:
ssl: {
  rejectUnauthorized: false
}
There's an example of a workaround in the docs, but the best way is to get a cert to trust from Heroku. I'm going to close this as it's an issue with Heroku rather than the library but feel free to reopen if anything else comes up!
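The situation discussed in this thread, reproduced offline as an added example (not code from the issue or from postgres-nio): a server certificate signed by a private root fails verification against the default trust store and passes once that root is supplied, which is the alternative to switching verification off. The CA, host name and file names are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo PKI: a private root CA plus one server certificate it signs.
# Every name and file here is made up; nothing comes from AWS or Heroku.

make_demo_pki() {
    pki_dir=$1
    # Self-signed private root, standing in for the provider's root cert.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Demo Root CA" \
        -keyout "$pki_dir/ca.key" -out "$pki_dir/ca.pem" 2>/dev/null || return 1
    # Server key and CSR, then a leaf certificate issued by the private root.
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=db.example.test" \
        -keyout "$pki_dir/server.key" -out "$pki_dir/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$pki_dir/server.csr" -days 1 \
        -CA "$pki_dir/ca.pem" -CAkey "$pki_dir/ca.key" -CAcreateserial \
        -out "$pki_dir/server.pem" 2>/dev/null || return 1
}

# Default trust store only: the private root is unknown there, so the chain
# cannot be built and verification fails (non-zero exit status).
verify_with_system_roots() {
    openssl verify "$1/server.pem" >/dev/null 2>&1
}

# Same certificate, but with the private root passed explicitly as a trust
# anchor. Verification stays enabled and now succeeds.
verify_with_pinned_root() {
    openssl verify -CAfile "$1/ca.pem" "$1/server.pem" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
if make_demo_pki "$demo_dir"; then
    if verify_with_system_roots "$demo_dir"; then
        echo "system roots: trusted"
    else
        echo "system roots: rejected"
    fi
    if verify_with_pinned_root "$demo_dir"; then
        echo "pinned root:  trusted"
    else
        echo "pinned root:  rejected"
    fi
fi
rm -rf "$demo_dir"
```

Against a live PostgreSQL server the equivalent check is `openssl s_client -starttls postgres -connect <host>:5432 -CAfile <root.pem> -verify_return_error`; without `-verify_return_error`, `s_client` reports a verification failure but still completes the handshake.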
Describe the bug
Not sure if this bug is caused by SwiftNIO TLS or by the postgres-nio connection. I have a DB running on AWS (over Heroku) and the Vapor app receives the necessary info on how to connect to the DB over an environment variable, but I also verified this by hardcoding the DB credentials on macOS.
When I try to create a DB connection I use this code:
This is exactly the same code as the one that is implemented in the test suite here.
When I try to create the connection, I receive an SSL validation error from SwiftNIO. If I use the config from the test suite, it works just fine, even with the same TLS settings. I am only able to connect to my AWS instance if I disable certificate validation.
Here's the error that I receive:
To Reproduce
I would not like to publicly share the full credentials of the DB server (even if this one is just for development). But I can share the AWS URL, so you can verify the issue when entering some made-up credentials.
AWS DB Server URL: ec2-54-228-218-84.eu-west-1.compute.amazonaws.com
Steps to reproduce the behavior:
Expected behavior
A connection to the server should not result in an SSL error. Since the server is managed by AWS, the SSL certificate should be right. Running an evaluation of the certificate with openssl in the command line works fine:
Environment