Support TLS encryption #107

Closed
brendanlong opened this issue Apr 28, 2021 · 4 comments · Fixed by #108

@brendanlong
Contributor

No description provided.

@brendanlong
Contributor Author

I'm guessing to do this, I'll need to change the functor to use Conduit: https://github.com/mirage/ocaml-conduit

@brendanlong
Contributor Author

I'm wondering if it's possible to ignore this in the main functor and handle it entirely in Pgx_async / Pgx_lwt / etc. We'll have to make sure there's reasonable error handling though.

@brendanlong
Contributor Author

Here's the Postgres documentation for doing TLS: https://www.postgresql.org/docs/9.3/protocol-flow.html#AEN100021

Essentially we need to:

  1. Send an SSLRequest message
  2. Wait for a single byte from the server ('S' or 'N')
  3. If the byte was 'S', upgrade the current connection to use TLS. If the byte was 'N' just continue to the next step.
  4. Continue the normal setup
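
The four steps above as an added example in Python rather than the project's OCaml; it is not code from pgx or from the commits referenced on this page. `negotiate_tls`, `upgrade`, `require_tls` and `TlsNegotiationError` are hypothetical names, and two checks go beyond the list: plaintext bytes queued behind the 'S' are rejected, and the caller decides whether an 'N' answer may fall back to an unencrypted connection.

```python
import socket
import struct

# SSLRequest: Int32 length (8), then Int32 code 80877103 (1234 << 16 | 5679),
# both big-endian. There is no message-type byte in front of it.
SSL_REQUEST = struct.pack("!II", 8, (1234 << 16) | 5679)


class TlsNegotiationError(Exception):
    """Raised when the server's answer does not allow a safe continuation."""


def negotiate_tls(sock, upgrade, *, require_tls):
    """Run steps 1-3 on a connected socket; return the stream for step 4.

    upgrade: caller-supplied function (hypothetical name) that wraps the
    socket in TLS, e.g. an ssl.SSLContext's wrap_socket with server_hostname.
    require_tls: if True, an 'N' answer is an error instead of a fallback.
    """
    sock.sendall(SSL_REQUEST)                       # step 1
    reply = sock.recv(1)                            # step 2: one byte only
    if reply == b"S":                               # step 3: upgrade
        # The server should now be waiting for our ClientHello. Bytes already
        # queued behind the 'S' arrived unencrypted; a buffered reader could
        # later hand them to the protocol parser as if they came over TLS.
        timeout = sock.gettimeout()
        sock.settimeout(0)
        try:
            extra = sock.recv(1, socket.MSG_PEEK)
        except BlockingIOError:
            extra = b""
        finally:
            sock.settimeout(timeout)
        if extra:
            raise TlsNegotiationError("plaintext data after 'S'")
        return upgrade(sock)
    if reply == b"N":                               # step 3: server declined
        if require_tls:
            raise TlsNegotiationError("server refused TLS")
        return sock
    raise TlsNegotiationError(f"unexpected SSLRequest reply: {reply!r}")
```

With `require_tls=False` the function behaves exactly as step 3 describes; with `require_tls=True` a server (or anything in the path answering for it) cannot silently downgrade the session to plaintext.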

brendanlong added a commit that referenced this issue Apr 29, 2021
This adds TLS support for Pgx_async using Conduit.

This is only a proof of concept because:

- We're using the Conduit.V1 interface, which we may not want to rely on
  (the latest is V3)
- We need to add support for Pgx_async
- We probably need better error handling than asserts

Resolves #107
brendanlong added a commit that referenced this issue May 11, 2021
This adds TLS support for Pgx_async using Conduit.

There are a few things that aren't ideal about this:

- We're using the Conduit.V1 interface, which we may not want to rely on (the latest is V3)
- We haven't implemented this for Lwt yet since they don't expose the same SSL upgrade interface in Conduit

Resolves #107
yomimono pushed a commit to yomimono/pgx that referenced this issue Mar 8, 2022
This adds TLS support for Pgx_async using Conduit.

There are a few things that aren't ideal about this:

- We're using the Conduit.V1 interface, which we may not want to rely on (the latest is V3)
- We haven't implemented this for Lwt yet since they don't expose the same SSL upgrade interface in Conduit

Resolves arenadotio#107