Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support additional tls.connect() options #1996

Merged
merged 5 commits into from
Nov 19, 2019
Merged

Support additional tls.connect() options #1996

merged 5 commits into from
Nov 19, 2019

Conversation

jgeurts
Copy link
Contributor

@jgeurts jgeurts commented Oct 22, 2019

No description provided.

@jgeurts
Copy link
Contributor Author

jgeurts commented Oct 22, 2019

The build error seems unrelated. Please let me know if it is related and there is something for me to fix.

@jgeurts
Copy link
Contributor Author

jgeurts commented Oct 25, 2019

@brianc any suggestions for how to get this merged?

@jgeurts
Copy link
Contributor Author

jgeurts commented Nov 10, 2019

@brianc Can you please help me with what needs to be done to get this merged? This allows for more secure connections to the db server

@brianc
Copy link
Owner

brianc commented Nov 10, 2019 via email

@charmander
Copy link
Collaborator

Tests need to be fixed (#1946), then this should probably have tests.

How about copying all of the remaining properties from self.ssl instead of listing each one, for automatic compatibility with most future additions?

Copy link
Owner

@brianc brianc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I merged the test fix so the current tests should pass. I agree w/ @charmander we should just splat in the ssl options into the object now as there are so many ssl options and they might change in the future....there's no real need to enumerate them all by hand here other than than when this code was initially written there were only a handful.

Also would be good to see a test (at least a unit test that checks the options are set on the socket) so we can be sure this works in the future.

secureOptions: self.ssl.secureOptions,
ALPNProtocols: self.ssl.ALPNProtocols,
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what if we just did

tls.connect(Object.assign({
  // all the non-ssl options here
}, self.ssl))

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Works for me! I'll push an update shortly

@jgeurts
Copy link
Contributor Author

jgeurts commented Nov 11, 2019

@brianc should be all set. Let me know if there are any changes needed

Copy link
Collaborator

@charmander charmander left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This does change the behaviour for the existing properties being read from self.ssl when they aren’t own/enumerable, but it probably won’t affect anyone.

lib/connection.js Outdated Show resolved Hide resolved
@brianc
Copy link
Owner

brianc commented Nov 12, 2019 via email

Copy link
Owner

@brianc brianc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

awesome! I'll release a new minor version with this today. Got a bit destroyed by the travel so went afk for a few days.

@brianc brianc merged commit bf029c8 into brianc:master Nov 19, 2019
@teleranek
Copy link

teleranek commented Nov 20, 2019

This does change the behaviour for the existing properties being read from self.ssl when they aren’t own/enumerable, but it probably won’t affect anyone.

This already broke our server, I think there will be more -_- because you only need to init pg with connectionString for this to fail.

@charmander
Copy link
Collaborator

@teleranek Broke it how? #2009? If so: that it worked was a bug. You can get the previous behaviour back with rejectUnauthorized: false, but it’s best to actually make it validate the certificate.

@sh-developers
Copy link

This broke our server(s) as well, I just forced the version to 7.12.
Not a great update to do in a minor version update, would have preferred breaking change like this to be done in Major versions like semver recommends.

@teleranek
Copy link

Sorry @charmander have no time to investigate this, but it just suffice to pass only connectionString to proper ssl server with legit certificate and leave all options default. Most common way to connect. No matter if that's a bug or not, what matters that the default behaviour was changed in non-major version, not cool.

@brianc
Copy link
Owner

brianc commented Nov 20, 2019

Was an unintended mistake to change default behavior in a minor version. I'm going to fix this within the hour. Thanks for the patience.

brianc added a commit that referenced this pull request Nov 20, 2019
brianc added a commit that referenced this pull request Nov 20, 2019
@charmander
Copy link
Collaborator

Sorry @charmander have no time to investigate this, but it just suffice to pass only connectionString to proper ssl server with legit certificate and leave all options default.

I doubt that it actually has a legit certificate, and that you think it does is why this is a dangerous bug. But yes, it was introduced a long time ago, so I guess a major version is helpful to people.

@jgeurts jgeurts mentioned this pull request Jan 31, 2020
charmander added a commit to charmander/node-postgres that referenced this pull request Feb 25, 2020
charmander added a commit to charmander/node-postgres that referenced this pull request Feb 25, 2020
brianc pushed a commit that referenced this pull request Feb 25, 2020
brianc added a commit that referenced this pull request Mar 30, 2020
* Drop support for EOL versions of node (#2062)

* Drop support for EOL versions of node

* Re-add testing for [email protected]

* Revert changes to .travis.yml

* Update packages/pg-pool/package.json

Co-Authored-By: Charmander <[email protected]>

Co-authored-by: Charmander <[email protected]>

* Remove password from stringified outputs (#2066)

* Remove password from stringified outputs

Theres a security concern where if you're not careful and you include your client or pool instance in console.log or stack traces it might include the database password.  To widen the pit of success I'm making that field non-enumerable.  You can still get at it...it just wont show up "by accident" when you're logging things now.

The backwards compatiblity impact of this is very small, but it is still technically somewhat an API change so...8.0.

* Implement feedback

* Fix more whitespace the autoformatter changed

* Simplify code a bit

* Remove password from stringified outputs (#2070)

* Keep ConnectionParameters’s password property writable

`Client` writes to it when `password` is a function.

* Avoid creating password property on pool options

when it didn’t exist previously.

* Allow password option to be non-enumerable

to avoid breaking uses like `new Pool(existingPool.options)`.

* Make password property definitions consistent

in formatting and configurability.

Co-authored-by: Charmander <[email protected]>

* Make `native` non-enumerable (#2065)

* Make `native` non-enumerable

Making it non-enumerable means less spurious "Cannot find module"
errors in your logs when iterating over `pg` objects.

`Object.defineProperty` has been available since Node 0.12.

See #1894 (comment)

* Add test for `native` enumeration

Co-authored-by: Gabe Gorelick <[email protected]>

* Use class-extends to wrap Pool (#1541)

* Use class-extends to wrap Pool

* Minimize diff

* Test `BoundPool` inheritance

Co-authored-by: Charmander <[email protected]>
Co-authored-by: Brian C <[email protected]>

* Continue support for creating a pg.Pool from another instance’s options (#2076)

* Add failing test for creating a `BoundPool` from another instance’s settings

* Continue support for creating a pg.Pool from another instance’s options

by dropping the requirement for the `password` property to be enumerable.

* Use user name as default database when user is non-default (#1679)

Not entirely backwards-compatible.

* Make native client password property consistent with others

i.e. configurable.

* Make notice messages not an instance of Error (#2090)

* Make notice messages not an instance of Error

Slight API cleanup to make a notice instance the same shape as it was, but not be an instance of error.  This is a backwards incompatible change though I expect the impact to be minimal.

Closes #1982

* skip notice test in travis

* Pin [email protected] for regression in async iterators

* Check and see if node 13.8 is still borked on async iterator

* Yeah, node still has changed edge case behavior on stream

* Emit notice messages on travis

* Revert "Revert "Support additional tls.connect() options (#1996)" (#2010)" (#2113)

This reverts commit 510a273.

* Fix ssl tests (#2116)

* Convert Query to an ES6 class (#2126)

The last missing `new` deprecation warning for pg 8.

Co-authored-by: Charmander <[email protected]>
Co-authored-by: Gabe Gorelick <[email protected]>
Co-authored-by: Natalie Wolfe <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants