New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: disable automatic fallback from SSL to non-SSL DB connection #1249
Conversation
`Postgrex` connector we're using now doesn't support fallback behavior like this, so we're disabling it for `epgsql` connections as well. This commit also fixes application of the default value for requiring SSL, which was erroneously "false" before. This means that if your DB doesn't support SSL, you need to explicitly specify it via `DATABASE_REQUIRE_SSL=false` env variable or `?sslmode=disable` in the connection string.
{nil, nil} -> default_database_require_ssl | ||
{nil, _} -> false |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@alco match order made it so {nil, nil}
case never matched before this change
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Addressed in #1261.
@icehaunter |
@samwillis We can also change the default to NOT use ssl - so that we break setups expecting SSL but with a better explicit error on startup stating "hey set this flag probably" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approved, but don't merge until there is a docs PR please.
Postgrex
connector we're using now doesn't support fallback behavior like this, so we're disabling it forepgsql
connections as well. This commit also fixes application of the default value for requiring SSL, which was erroneously "false" before. This means that if your DB doesn't support SSL, you need to explicitly specify it viaDATABASE_REQUIRE_SSL=false
env variable or?sslmode=disable
in the connection string.