From e9073f5a00f225670899b2a466fe18b5b047201d Mon Sep 17 00:00:00 2001
From: "Brian M. Carlson"
Date: Tue, 5 May 2020 11:03:29 -0500
Subject: [PATCH] Cleanup & comments
---
 packages/pg/lib/connection-parameters.js | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/packages/pg/lib/connection-parameters.js b/packages/pg/lib/connection-parameters.js
index eead3c39..83aa1e4e 100644
--- a/packages/pg/lib/connection-parameters.js
+++ b/packages/pg/lib/connection-parameters.js
@@ -25,9 +25,11 @@ var val = function (key, config, envVar) {
 return config[key] || envVar || defaults[key]
 }
 
-var useSsl = function (modeFromConfig) {
+var normalizeSSLConfig = function (modeFromConfig) {
 // if the ssl parameter passed to config is not a string, just return it
 // directly (it will be passed directly to tls.connect)
+ // this way you can pass all the ssl params in via constructor:
+ // new Client({ ssl: { minDHSize: 1024 } }) etc
 if (modeFromConfig !== undefined && typeof modeFromConfig !== 'string') {
 return modeFromConfig
 }
@@ -41,6 +43,11 @@ var useSsl = function (modeFromConfig) {
 case 'verify-ca':
 case 'verify-full':
 return true
+ // no-verify is not standard to libpq but allows specifying
+ // you require ssl but want to bypass server certificate validation.
+ // this is a very common way to connect in heroku so we support it
+ // vai both environment variables (PGSSLMODE=no-verify) as well
+ // as in connection string params ?ssl=no-verify
 case 'no-verify':
 return { rejectUnauthorized: false }
 }
@@ -77,8 +84,8 @@ var ConnectionParameters = function (config) {
 })
 
 this.binary = val('binary', config)
- // this.ssl = typeof config.ssl === 'undefined' ? useSsl() : config.ssl
- this.ssl = useSsl(config.ssl)
+
+ this.ssl = normalizeSSLConfig(config.ssl)
 this.client_encoding = val('client_encoding', config)
 this.replication = val('replication', config)
 // a domain socket begins with '/'
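Review bot: The comment added above `case 'no-verify':` in the second hunk explains why the mode exists but not what it costs: `{ rejectUnauthorized: false }` makes the TLS client accept any server certificate, so the session is encrypted but the server is not authenticated and an on-path party can impersonate it. The comment itself says the mode is accepted from `PGSSLMODE` and from `?ssl=no-verify` in the connection string, so whoever controls either value can switch verification off; that is worth stating at the point where the case is defined. I would add a line such as `// WARNING: disables certificate checks; the connection is encrypted but the server is NOT authenticated` and correct the typo `vai` to `via`. The switch statement this case belongs to begins outside the hunk.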