Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add SSL/TLS support for Postgres connection string #3410

Merged
merged 1 commit into from Aug 24, 2019
Merged

Conversation

hjr3
Copy link
Contributor

@hjr3 hjr3 commented Aug 23, 2019

  • Upgrade pg-connection-string to 2.1.0

Fixes #852

- Upgrade pg-connection-string to 2.1.0

Fixes knex#852
@hjr3
Copy link
Contributor Author

@hjr3 hjr3 commented Aug 23, 2019

I released pg-connection-string v2.1.0 which fixes the issues with ssl connection string. I tested this on my local fork.

@kibertoad
Copy link
Collaborator

@kibertoad kibertoad commented Aug 24, 2019

Thanks!

@kibertoad kibertoad merged commit e878f38 into knex:master Aug 24, 2019
2 checks passed
woyuen added a commit to stelace/stelace that referenced this issue Jul 30, 2020
Some database providers only accepts requests with SSL enabled
(e.g. Timescale Cloud).

We support the following SSL options: ssl, cert, key, ca
Those options will map from Knex.js to the library
https://github.com/iceddev/pg-connection-string
thanks to the Knex.js PR
knex/knex#3410

Please be careful when configuring SSL connection.
Passing key value into cert or inversely can trigger
an uncaught exception and even `process.on('uncaughtException', fn)`
cannot catch it.
woyuen added a commit to stelace/stelace that referenced this issue Aug 14, 2020
Some database providers only accepts requests with SSL enabled
(e.g. Timescale Cloud).

We support the following SSL options: ssl, cert, key, ca
Those options will map from Knex.js to the library
https://github.com/iceddev/pg-connection-string
thanks to the Knex.js PR
knex/knex#3410

Please be careful when configuring SSL connection.
Passing key value into cert or inversely can trigger
an uncaught exception and even `process.on('uncaughtException', fn)`
cannot catch it.
woyuen added a commit to stelace/stelace that referenced this issue Aug 15, 2020
Some database providers only accepts requests with SSL enabled
(e.g. Timescale Cloud).

We support the following SSL options: ssl, cert, key, ca
Those options will map from Knex.js to the library
https://github.com/iceddev/pg-connection-string
thanks to the Knex.js PR
knex/knex#3410

Please be careful when configuring SSL connection.
Passing key value into cert or inversely can trigger
an uncaught exception and even `process.on('uncaughtException', fn)`
cannot catch it.

* docs: add instructions to configure SSL for production

* refactor: merge Docker PostgreSQL images to keep only SSL one

* test: use multi-domains certificate

for local and CircleCI environments.

Previously, test was failing with a single-domain certificate.
SSL certificate was rejected for CircleCI as the host
didn't match the certificate information (localhost).

For tests, we used a self-signed multi-domains certificate
to check database SSL connections.
However generating a self-signed multi-domain certificate isn't enough
for Node.js, as it will reject it because it is self-signed.
To overcome this, we have to sign it with
another root certificate (that can be self-signed).

For Knex connection configuration, we need to provide
the two certificates as `sslcert` and `sslca` properties.
In real world usage, you may only need to specify one of
them.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants