Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ensure sslmode=disable is respected #268

Merged
merged 1 commit into from
May 12, 2023
Merged

Ensure sslmode=disable is respected #268

merged 1 commit into from
May 12, 2023

Conversation

ellmetha
Copy link
Contributor

@ellmetha ellmetha commented May 11, 2023
edited
Loading

It appears that crystal-pg is not compatible with PostgreSQL instances that do not have SSL support, and it seems to be ignoring the sslmode=disable parameter. This issue is particularly evident with PostgreSQL databases provisioned in Fly.io since they are accessed over an encrypted internal network, and SSL is not supported in such cases (ref).

To illustrate, I was trying to make this seemingly simple script work:

require "db"
require "pg"

DB.connect ENV["DATABASE_URL"] do |cnn|
  p cnn
end

And I got the following trace:

Trace 
Unhandled exception:  (DB::ConnectionRefused)
  from lib/pg/src/pg/connection.cr:16:9 in 'initialize'
  from lib/pg/src/pg/connection.cr:7:5 in 'new'
  from lib/pg/src/pg/driver.cr:3:5 in 'build_connection'
  from lib/db/src/db.cr:163:5 in 'build_connection'
  from lib/db/src/db.cr:159:5 in 'build_connection'
  from lib/db/src/db.cr:142:5 in '__crystal_main'
  from /usr/share/crystal/src/crystal/main.cr:115:5 in 'main_user_code'
  from /usr/share/crystal/src/crystal/main.cr:101:7 in 'main'
  from /usr/share/crystal/src/crystal/main.cr:127:3 in 'main'
  from /lib/x86_64-linux-gnu/libc.so.6 in '??'
  from /lib/x86_64-linux-gnu/libc.so.6 in '__libc_start_main'
  from bin/test in '_start'
  from ???
Caused by: SSL_connect: I/O error (OpenSSL::SSL::Error)
  from /usr/share/crystal/src/openssl/ssl/socket.cr:34:11 in 'initialize:context:sync_close'
  from /usr/share/crystal/src/openssl/ssl/socket.cr:3:5 in 'new:context:sync_close'
  from lib/pg/src/pq/connection.cr:60:16 in 'negotiate_ssl'
  from lib/pg/src/pq/connection.cr:40:7 in 'initialize'
  from lib/pg/src/pq/connection.cr:21:5 in 'new'
  from lib/pg/src/pg/connection.cr:13:23 in 'initialize'
  from lib/pg/src/pg/connection.cr:7:5 in 'new'
  from lib/pg/src/pg/driver.cr:3:5 in 'build_connection'
  from lib/db/src/db.cr:163:5 in 'build_connection'
  from lib/db/src/db.cr:159:5 in 'build_connection'
  from lib/db/src/db.cr:142:5 in '__crystal_main'
  from /usr/share/crystal/src/crystal/main.cr:115:5 in 'main_user_code'
  from /usr/share/crystal/src/crystal/main.cr:101:7 in 'main'
  from /usr/share/crystal/src/crystal/main.cr:127:3 in 'main'
  from /lib/x86_64-linux-gnu/libc.so.6 in '??'
  from /lib/x86_64-linux-gnu/libc.so.6 in '__libc_start_main'
  from bin/test in '_start'
  from ???
Caused by: SSL_connect: Resource temporarily unavailable (RuntimeError)

It should be noted that while I was testing this, the DATABASE_URL environment variable was complying to the following format: postgres://<user>:<pwd>@<host>:<port>/<db>?sslmode=disable.

This seems to indicate that crystal-pg is trying to require an SSL connection when it shouldn't.

In this pull request, I am providing a fairly simple fix to this. Let me know if I am missing something or if this is not the right way to go about this!

@will
Copy link
Owner

will commented May 12, 2023

Great find! Thanks for sending this in

@will will merged commit 53f6586 into will:master May 12, 2023
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@ellmetha @will