Fixed problem with require sslmode

chandr-andr · chandr-andr · commit 6f930d7c7aa2 · 2024-07-21T19:00:38.000+02:00
Signed-off-by: chandr-andr (Kiselev Aleksandr) &lt;chandr@chandr.net&gt;
diff --git a/python/tests/test_ssl_mode.py b/python/tests/test_ssl_mode.py
@@ -74,3 +74,25 @@ async def test_ssl_mode_require_pool_builder(
     pool = builder.build()
 
     await pool.execute("SELECT 1")
+
+
+async def test_ssl_mode_require_without_ca_file(
+    postgres_host: str,
+    postgres_user: str,
+    postgres_password: str,
+    postgres_port: int,
+    postgres_dbname: str,
+) -> None:
+    builder = (
+        ConnectionPoolBuilder()
+        .max_pool_size(10)
+        .host(postgres_host)
+        .port(postgres_port)
+        .user(postgres_user)
+        .password(postgres_password)
+        .dbname(postgres_dbname)
+        .ssl_mode(SslMode.Require)
+    )
+    pool = builder.build()
+
+    await pool.execute("SELECT 1")
diff --git a/src/driver/common_options.rs b/src/driver/common_options.rs
@@ -64,7 +64,7 @@ impl TargetSessionAttrs {
 }
 
 #[pyclass]
-#[derive(Clone, Copy)]
+#[derive(Clone, Copy, PartialEq)]
 pub enum SslMode {
     /// Do not use TLS.
     Disable,
diff --git a/src/driver/connection_pool.rs b/src/driver/connection_pool.rs
@@ -1,6 +1,6 @@
 use crate::runtime::tokio_runtime;
 use deadpool_postgres::{Manager, ManagerConfig, Object, Pool, RecyclingMethod};
-use openssl::ssl::{SslConnector, SslMethod};
+use openssl::ssl::{SslConnector, SslMethod, SslVerifyMode};
 use postgres_openssl::MakeTlsConnector;
 use pyo3::{pyclass, pyfunction, pymethods, PyAny};
 use std::{sync::Arc, vec};
@@ -13,7 +13,7 @@ use crate::{
 };
 
 use super::{
-    common_options::{ConnRecyclingMethod, LoadBalanceHosts, SslMode, TargetSessionAttrs},
+    common_options::{self, ConnRecyclingMethod, LoadBalanceHosts, SslMode, TargetSessionAttrs},
     connection::Connection,
     utils::build_connection_config,
 };
@@ -104,6 +104,15 @@ pub fn connect(
         builder.set_ca_file(ca_file)?;
         let tls_connector = MakeTlsConnector::new(builder.build());
         mgr = Manager::from_config(pg_config, tls_connector, mgr_config);
+    } else if let Some(ssl_mode) = ssl_mode {
+        if ssl_mode == common_options::SslMode::Require {
+            let mut builder = SslConnector::builder(SslMethod::tls())?;
+            builder.set_verify(SslVerifyMode::NONE);
+            let tls_connector = MakeTlsConnector::new(builder.build());
+            mgr = Manager::from_config(pg_config, tls_connector, mgr_config);
+        } else {
+            mgr = Manager::from_config(pg_config, NoTls, mgr_config);
+        }
     } else {
         mgr = Manager::from_config(pg_config, NoTls, mgr_config);
     }

Original file line number	Diff line number	Diff line change
`@@ -64,7 +64,7 @@ impl TargetSessionAttrs {`
`64`	`64`	`}`
`65`	`65`
`66`	`66`	`#[pyclass]`
`67`		`-#[derive(Clone, Copy)]`
	`67`	`+#[derive(Clone, Copy, PartialEq)]`
`68`	`68`	`pub enum SslMode {`
`69`	`69`	`/// Do not use TLS.`
`70`	`70`	`Disable,`