
--sslmode support for tls connections

mlapshin committed Jan 9, 2019
1 parent eb286f4 commit 13427749fa5792f5ceea1859ad0452fb71f08beb
Showing with 42 additions and 0 deletions.
  1. +35 −0 db.go
  2. +7 −0 main.go
35 db.go
@@ -2,6 +2,7 @@ package main

import (
"context"
"crypto/tls"
"fmt"
"log"

@@ -10,6 +11,7 @@ import (

// PgConnectionConfig struct stores credentials for PG connection
type PgConnectionConfig struct {
SSLMode string
Host string
Port uint
Username string
@@ -30,6 +32,39 @@ func GetPgxConnectionConfig(cfg *pgx.ConnConfig) pgx.ConnConfig {
Database: PgConfig.Database,
}

// Match libpq default behavior
if PgConfig.SSLMode == "" {
PgConfig.SSLMode = "prefer"
}

switch PgConfig.SSLMode {
case "disable":
mainConfig.UseFallbackTLS = false
mainConfig.TLSConfig = nil
mainConfig.FallbackTLSConfig = nil
case "allow":
mainConfig.UseFallbackTLS = true
mainConfig.FallbackTLSConfig = &tls.Config{InsecureSkipVerify: true}
case "prefer":
mainConfig.TLSConfig = &tls.Config{InsecureSkipVerify: true}
mainConfig.UseFallbackTLS = true
mainConfig.FallbackTLSConfig = nil
case "require":
mainConfig.TLSConfig = &tls.Config{InsecureSkipVerify: true}
case "verify-ca", "verify-full":
mainConfig.TLSConfig = &tls.Config{
ServerName: mainConfig.Host,
}
default:
panic("--sslmode param is invalid")
}

envConfig, err := pgx.ParseEnvLibpq()

if err == nil {
mainConfig = envConfig.Merge(mainConfig)
}

if cfg != nil {
mainConfig = mainConfig.Merge(*cfg)
}
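Review bot: In the `verify-ca`/`verify-full` case, `ServerName: mainConfig.Host` is captured before the two `Merge` calls at the end of the hunk, so the name checked against the certificate is the pre-merge host. If `Host` is still empty there and only filled in from the libpq environment, or is replaced by `*cfg`, the verified name is not the host actually dialled; an empty `ServerName` should make Go's TLS client refuse the handshake, while a replaced host would be checked against the wrong name. I would set it from the merged config after the last `Merge`, for example `if c := mainConfig.TLSConfig; c != nil && !c.InsecureSkipVerify { c.ServerName = mainConfig.Host }`. How `Merge` treats the TLS fields is not visible here and is worth confirming, because a nil `TLSConfig` from the `disable` case may not override whatever `ParseEnvLibpq` produced. GetPgxConnectionConfig starts and ends outside the hunk.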
@@ -66,6 +66,13 @@ func main() {
EnvVar: "PGUSER",
Destination: &PgConfig.Username,
},
cli.StringFlag{
Name: "sslmode, s",
Value: "prefer",
Usage: "PostgreSQL sslmode setting (disable/allow/prefer/require/verify-ca/verify-full)",
EnvVar: "PGSSLMODE",
Destination: &PgConfig.SSLMode,
},
cli.StringFlag{
Name: "fhir, f",
Value: "3.3.0",
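Review bot: The new flag defaults to `prefer`, and its `Usage` text lists the modes without saying which of them authenticate the server. Going by the db.go switch in this commit, `allow`, `prefer` and `require` set `InsecureSkipVerify: true`, and `prefer` also enables a fallback that appears to be an unencrypted connection, so the default protects the database credentials against passive observation at best. I would say so in the help text, e.g. `Usage: "PostgreSQL sslmode (disable/allow/prefer/require/verify-ca/verify-full); only verify-ca and verify-full check the server certificate"`. An invalid value is only caught later by the `panic` in db.go; validating it where the flags are parsed and exiting with an error message would avoid a stack trace for a typo. main() continues outside the hunk.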
