vapor / postgres-nio

🐘 Non-blocking, event-driven Swift client for PostgreSQL.
https://api.vapor.codes/postgresnio/documentation/postgresnio/
MIT License

Server and Client Self Signed Certificates #517

Closed thoven87 closed 3 hours ago

thoven87 commented 3 hours ago

Is your feature request related to a problem? Please describe.
Allow user to specify TLS configuration options.

Previously, one could do the following to connect to a server with self signed certificates: forClient(certificateVerification: .none)

forClient is deprecated and makeClientConfiguration() is the preferred TLS config option.

One cannot update the TLS configuration as suggested in the doc:

var config = PostgresClient.Configuration(
        host: env.get("POSTGRES_HOST") ?? "localhost",
        port: env.get("POSTGRES_PORT", as: Int.self) ?? 5432,
        username: env.get("POSTGRES_USERNAME") ?? "postgres",
        password: env.get("POSTGRES_PASSWORD") ?? "postgres",
        database: env.get("POSTGRES_DATABASE") ?? "postgres",
        tls: .prefer(.makeClientConfiguration())
)
config.tls.certificateVerification = .none // This does not work

Describe the solution you'd like
I would love for makeClientConfiguration to accept some arguments which allow overriding some of the options, or drop deprecated status for both forClient and forServer.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
I experienced the connection failure when attempting to connect to a Postgres instance where the certificate was self signed.

gwynne commented 3 hours ago

You can just do this:

var tlsConfig = TLSConfiguration.makeClientConfiguration()
tlsConfig.certificateVerification = .none

var config = PostgresClient.Configuration(
        host: env.get("POSTGRES_HOST") ?? "localhost",
        port: env.get("POSTGRES_PORT", as: Int.self) ?? 5432,
        username: env.get("POSTGRES_USERNAME") ?? "postgres",
        password: env.get("POSTGRES_PASSWORD") ?? "postgres",
        database: env.get("POSTGRES_DATABASE") ?? "postgres",
        tls: .prefer(tlsConfig)
)

thoven87 commented 3 hours ago

You can just do this:

var tlsConfig = TLSConfiguration.makeClientConfiguration()
tlsConfig.certificateVerification = .none

var config = PostgresClient.Configuration(
        host: env.get("POSTGRES_HOST") ?? "localhost",
        port: env.get("POSTGRES_PORT", as: Int.self) ?? 5432,
        username: env.get("POSTGRES_USERNAME") ?? "postgres",
        password: env.get("POSTGRES_PASSWORD") ?? "postgres",
        database: env.get("POSTGRES_DATABASE") ?? "postgres",
        tls: .prefer(tlsConfig)
)

Thank You!
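
An alternative to `certificateVerification = .none` for the self-signed case in this thread, as an added example that is not code from the issue or from the postgres-nio project: trust the server's own certificate as the only root and keep verification on. The `POSTGRES_CA_FILE` variable, the `server.crt` default, the helper names, and the use of `ProcessInfo` in place of the thread's `env.get` are assumptions.

```swift
import Foundation
import NIOSSL
import PostgresNIO

/// Hypothetical error type for this example: the PEM file held no certificates.
struct EmptyTrustStore: Error {}

/// Builds a client TLS configuration that trusts only the certificates in
/// `caFile` (the server's self-signed certificate or its private CA, PEM).
func makePinnedTLS(caFile: String, verifyHostname: Bool = true) throws -> TLSConfiguration {
    let roots = try NIOSSLCertificate.fromPEMFile(caFile)
    guard !roots.isEmpty else { throw EmptyTrustStore() }

    var tls = TLSConfiguration.makeClientConfiguration()
    // Replace the system trust store so only this certificate chain is accepted.
    tls.trustRoots = .certificates(roots)
    // .fullVerification needs a subjectAltName matching the host being dialed.
    // .noHostnameVerification still validates the chain against `roots`.
    // .none accepts any certificate, including one presented by an interceptor.
    tls.certificateVerification = verifyHostname ? .fullVerification : .noHostnameVerification
    return tls
}

/// Same connection settings as in the thread, with the pinned TLS configuration.
func makePostgresConfiguration() throws -> PostgresClient.Configuration {
    let env = ProcessInfo.processInfo.environment
    // POSTGRES_CA_FILE is an assumed variable name, not one from the issue.
    let tls = try makePinnedTLS(caFile: env["POSTGRES_CA_FILE"] ?? "server.crt")

    return PostgresClient.Configuration(
        host: env["POSTGRES_HOST"] ?? "localhost",
        port: Int(env["POSTGRES_PORT"] ?? "") ?? 5432,
        username: env["POSTGRES_USERNAME"] ?? "postgres",
        password: env["POSTGRES_PASSWORD"] ?? "postgres",
        database: env["POSTGRES_DATABASE"] ?? "postgres",
        // .require fails the connection if the server does not offer TLS;
        // .prefer would fall back to an unencrypted connection instead.
        tls: .require(tls)
    )
}
```

If the self-signed certificate has no subjectAltName for the host, pass `verifyHostname: false` rather than returning to `.none`; the chain is still checked against the pinned certificate.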