will / crystal-pg

a postgres driver for crystal
BSD 3-Clause "New" or "Revised" License
463 stars 78 forks source link

cockroach db #237

Open jkthorne opened 3 years ago

jkthorne commented 3 years ago

I am having trouble connecting to the free instance of coackroachdb. I have read through the issues, and it seems to be connected to certs. I have tried disabling SSL and not including any SSL options.

It seems like there are two problems. SSL certs and options params. I am not sure I can get the client to get the correct SSL cert to use to connect to cockroachdb. Also, options have to be passed to cockroachdb to enable a lot of the features, including clusters. from the return errors. I do not think the options are being passed correctly.

here is a connection url you can get from the cockroachdb website postgresql://user:pass@domain.cockroachlabs.cloud:26257/defaultdb?sslmode=verify-full&sslrootcert=$HOME/.postgresql/root.crt&options=--cluster%3Dkcrystal-1234

will commented 3 years ago

The options params at least I don’t think is a general postgres protocol thing. libpq does a few to manage how it operates but it's all over the place what libpq does with them. Some change what types of SCRAM is accepted, some say where to look for certs. So I'm not sure what a options=--cluster%3Dkcrystal-1234 would actually do?

cyangle commented 2 years ago

@wontruefree You should be able to connect with below connection string, you need to add the cluster name as db prefix and accept cleartext auth method.

But the problem is that it seems like the option sslmode=verify-full has no effect, it still connects without providing the sslrootcert.

postgresql://user:pass@domain.cockroachlabs.cloud:26257/crystal-1234.defaultdb?auth_methods=cleartext,md5,scram-sha-256&sslmode=verify-full&sslrootcert=$HOME/.postgresql/root.crt

@will Does crystal-pg support sslmode=verify-full?