dbgate icon indicating copy to clipboard operation
dbgate copied to clipboard

Published 20 hours ago verified publisher icon dbgate

BUG: cannot specify connection property sslmode=require

Open dataspun opened this issue 2 years ago • 7 comments

Describe the bug Creating/testing a connection fails when attempting to specify sslmode=require

To Reproduce Steps to reproduce the behavior:

  1. Create a connection to PostgreSQL using database URL
  2. Append ?sslmode=require (attempting this because SSL tab does not have equivalent option)
  3. Click the Test button
  4. See error: Connect failed: self signed certificate (details below)

Expected behavior A successful connection equivalent (such as when using equivalent settings with pgAdmin)

Error details Database connection error Error: self signed certificate at TLSSocket.onConnectSecure (_tls_wrap.js:1497:34) at TLSSocket.emit (events.js:315:20) at TLSSocket._finishInit (_tls_wrap.js:932:8) at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:706:12) Error JSON: { "code": "DEPTH_ZERO_SELF_SIGNED_CERT" } Connection: { "server": "", "engine": "postgres@dbgate-plugin-postgres", "useDatabaseUrl": "", "sshMode": "userPassword", "sshKeyfile": "", "databaseUrl": "" } Platform: win32

Version Information:

  • OS: Windows
  • App Version: 5.0.6
  • Install: source installer
  • Type: application
  • Database engine: PostgreSQL

dataspun avatar Jul 08 '22 19:07 dataspun

Hi, thanks for your feedback.

Why do you need to add sslmode=require prameter? It seems, that problem is with self signed certificate, does it work without this parameter? What error is reported without ?sslmode=require ?

janproch avatar Jul 14 '22 12:07 janproch

Thanks for the follow-up! Some servers are configured to reject connections without the parameter. For instance, all Heroku Postgres client connections require SSL.

dataspun avatar Jul 14 '22 13:07 dataspun

I have tested it now agains heroku postgres database. It worked for me, I filled credentials on General page and than only I checked checkbox "Use SSL" on SSL tab

Without "Use SSL" checked, it returns following error:

error: no pg_hba.conf entry for host xxxx, user "yyyy", database "zzzz", no encryption

janproch avatar Jul 14 '22 13:07 janproch

Even with checking the checkbox "Use SSL" -- with or without the sslmode parameter -- the connection still fails. It's possible that a Heroku instance such as mine (enterprise private space with trusted IP ranges) will handle the sslmode more strictly. Any plans to enhance the SSL options and fix the self-signed cert issue?

dataspun avatar Jul 14 '22 14:07 dataspun

We are facing the same issue with DigitalOcean. DO enforces SSL mode and thus we cannot connect. What is weird, however, is that DO offers to download the CA but dbgate still complains about the self-signed certificate. Not sure about node.js, but in Java and Go it's possible to tell the runtime to simply accept self-signed certificates. Maybe there is an option in node.js like this, too?

Update: According to https://node-postgres.com/features/ssl#self-signed-cert there is indeed such an option: rejectUnauthorized

woeye avatar Dec 09 '22 22:12 woeye

Hi, any news about this issue ? i have the same problem trying to connect to aiven db, where sslmode=require is mandatory.

pmpetit avatar Jul 21 '23 11:07 pmpetit

same issue here

adamatti avatar Dec 11 '23 19:12 adamatti