Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Revert "Support additional tls.connect() options" #2010

Merged
merged 1 commit into from
Nov 20, 2019

Conversation

brianc
Copy link
Owner

@brianc brianc commented Nov 20, 2019

Reverts #1996

This is causing backwards compatibility issues. We don't have an tests in travis covering the expected behavior when connecting to a postgres server over SSL with a self-signed cert. Until we can get some tests up for that behavior I'm going to revert this to not break all existing folks who do a minor version upgrade.

For v8.0 we'll need to nail this down and make sure it's behaving properly. As this is the first I've heard of this I haven't dug in yet, but I will figure out what the proper behavior should be, do as much as we can in the next semver minor release (like supporting more ssl options), and make sure it behaves the same way a raw tls.connect call is made in node. It kinda blows my mind that node would treat self.ssl.rejectUnauthorized: undefined as false...

@brianc brianc merged commit 510a273 into master Nov 20, 2019
@charmander
Copy link
Collaborator

Publishing this as a minor version is also a backwards compatibility break, though I suppose almost nobody’ll be using the feature yet. Still, how about:

    const options = Object.assign({
      socket: self.stream,
      rejectUnauthorized: false,
    }, self.ssl)

@charmander charmander deleted the revert-1996-tls-options branch December 2, 2019 20:13
charmander added a commit to charmander/node-postgres that referenced this pull request Feb 25, 2020
charmander added a commit to charmander/node-postgres that referenced this pull request Feb 25, 2020
brianc pushed a commit that referenced this pull request Feb 25, 2020
brianc added a commit that referenced this pull request Mar 30, 2020
* Drop support for EOL versions of node (#2062)

* Drop support for EOL versions of node

* Re-add testing for [email protected]

* Revert changes to .travis.yml

* Update packages/pg-pool/package.json

Co-Authored-By: Charmander <[email protected]>

Co-authored-by: Charmander <[email protected]>

* Remove password from stringified outputs (#2066)

* Remove password from stringified outputs

Theres a security concern where if you're not careful and you include your client or pool instance in console.log or stack traces it might include the database password.  To widen the pit of success I'm making that field non-enumerable.  You can still get at it...it just wont show up "by accident" when you're logging things now.

The backwards compatiblity impact of this is very small, but it is still technically somewhat an API change so...8.0.

* Implement feedback

* Fix more whitespace the autoformatter changed

* Simplify code a bit

* Remove password from stringified outputs (#2070)

* Keep ConnectionParameters’s password property writable

`Client` writes to it when `password` is a function.

* Avoid creating password property on pool options

when it didn’t exist previously.

* Allow password option to be non-enumerable

to avoid breaking uses like `new Pool(existingPool.options)`.

* Make password property definitions consistent

in formatting and configurability.

Co-authored-by: Charmander <[email protected]>

* Make `native` non-enumerable (#2065)

* Make `native` non-enumerable

Making it non-enumerable means less spurious "Cannot find module"
errors in your logs when iterating over `pg` objects.

`Object.defineProperty` has been available since Node 0.12.

See #1894 (comment)

* Add test for `native` enumeration

Co-authored-by: Gabe Gorelick <[email protected]>

* Use class-extends to wrap Pool (#1541)

* Use class-extends to wrap Pool

* Minimize diff

* Test `BoundPool` inheritance

Co-authored-by: Charmander <[email protected]>
Co-authored-by: Brian C <[email protected]>

* Continue support for creating a pg.Pool from another instance’s options (#2076)

* Add failing test for creating a `BoundPool` from another instance’s settings

* Continue support for creating a pg.Pool from another instance’s options

by dropping the requirement for the `password` property to be enumerable.

* Use user name as default database when user is non-default (#1679)

Not entirely backwards-compatible.

* Make native client password property consistent with others

i.e. configurable.

* Make notice messages not an instance of Error (#2090)

* Make notice messages not an instance of Error

Slight API cleanup to make a notice instance the same shape as it was, but not be an instance of error.  This is a backwards incompatible change though I expect the impact to be minimal.

Closes #1982

* skip notice test in travis

* Pin [email protected] for regression in async iterators

* Check and see if node 13.8 is still borked on async iterator

* Yeah, node still has changed edge case behavior on stream

* Emit notice messages on travis

* Revert "Revert "Support additional tls.connect() options (#1996)" (#2010)" (#2113)

This reverts commit 510a273.

* Fix ssl tests (#2116)

* Convert Query to an ES6 class (#2126)

The last missing `new` deprecation warning for pg 8.

Co-authored-by: Charmander <[email protected]>
Co-authored-by: Gabe Gorelick <[email protected]>
Co-authored-by: Natalie Wolfe <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants