Skip to content

Default to non-encrypted connection when no SSL certificate is provided #71

New issue
New issue
Closed
#83
Closed
Default to non-encrypted connection when no SSL certificate is provided#71
#83
Labels
C-bugCategory: something isn't workingreleased
@thorwebdev

Description

@thorwebdev
thorwebdev
opened on Apr 27, 2023

Bug report

  • I confirm this is a bug with Supabase, not with my own application.
  • I confirm I have searched the Docs, GitHub Discussions, and Discord.

Describe the bug

When opening a TLS connection to Postgres edge runtime should fall back to a non-encrypted connection when no SSL certificate is provided. Currently

To Reproduce

Steps to reproduce the behavior, please provide code snippets or a repository:

  1. Set up connection with deno postgres (e.g. https://github.com/thorwebdev/edgy-edge-functions/blob/main/supabase/functions/postgres-on-the-edge/index.ts )
  2. supabase functions serve --no-verify-jwt --env-file supabase/.env
  3. Navigate to http://localhost:54321/functions/v1/postgres-on-the-edge
  4. See error
Function "postgres-on-the-edge" up and running!
Sending fatal alert BadCertificate
TypeError: Cannot read properties of undefined (reading 'InvalidData')
    at Connection.#startup (https://deno.land/x/postgres@v0.17.0/connection/connection.ts:276:46)
    at async Connection.startup (https://deno.land/x/postgres@v0.17.0/connection/connection.ts:360:21)
    at async PoolClient.connect (https://deno.land/x/postgres@v0.17.0/client.ts:161:13)
    at async https://deno.land/x/postgres@v0.17.0/pool.ts:165:17
    at async Promise.all (index 0)
    at async Pool.#initialize (https://deno.land/x/postgres@v0.17.0/pool.ts:169:63)
    at async Pool.connect (https://deno.land/x/postgres@v0.17.0/pool.ts:113:9)
    at async Server.<anonymous> (file:///home/deno/functions/postgres-on-the-edge/index.ts:19:28)
    at async Server.#respond (https://deno.land/std@0.114.0/http/server.ts:245:30)

Expected behavior

Fall back to non-encrypted connection.

Additional context

  1. ✅ When providing the cert it works as expected:
// Create a database pool with one connection.
const pool = new Pool(
  {
    tls: { caCertificates: [Deno.env.get("DB_SSL_CERT")!] },
    database: "postgres",
    hostname: "db.bljghubhkofddfrezkhn.supabase.co",
    user: "postgres",
    port: 5432,
    password: Deno.env.get("DB_PASSWORD"),
  },
  1
);
  1. ✅ When specifically disabling TLS it works as expected
// Create a database pool with one connection.
const pool = new Pool(
  {
    tls: { enabled: false },
    database: "postgres",
    hostname: "db.bljghubhkofddfrezkhn.supabase.co",
    user: "postgres",
    port: 5432,
    password: Deno.env.get("DB_PASSWORD"),
  },
  1
);
  1. ❌ When omitting tls setting it fails
// Create a database pool with one connection.
const pool = new Pool(
  {
    database: "postgres",
    hostname: "db.bljghubhkofddfrezkhn.supabase.co",
    user: "postgres",
    port: 5432,
    password: Deno.env.get("DB_PASSWORD"),
  },
  1
);

System information

  • OS: mac os
  • Version of supabase cli: 1.50.13

Metadata

Metadata

Assignees

No one assigned

    Labels

    C-bugCategory: something isn't workingreleased

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions