vscode-sqltools
"self signed certificate" issue when creating new DB connections
I noticed in v0.22.10 when I create a new connection I get a "self signed certificate" issue when testing the connection. This seems to be due to the "rejectUnauthorized" setting under "node-pg driver specific options". It says that the default behavior should be set to True but it should only have an effect if "requestCert" is set to True (requestCert is False by default).
When I check and uncheck the "rejectUnauthorized" setting my connection works as it did before the update (this forces that setting to be False). This seems like a bug since "rejectUnauthorized" should only have an effect if "requestCert" is set to True (it is not by default).
Tried installing for the first time running against a local pgsql instance and get the same error. Checking / unchecking makes the test work, but doesn't work to actually run any queries which give the same error message.
I also encountered this issue. I discovered that you can only work around the issue by checking and unchecking both rejectUnauthorized and requestCert. Then everything works after this hack.
You can manually edit the settings and remove the pgOptions.ssl stuff, which also disables the use of SSL.
Remove this:
"pgOptions": {
  "ssl": {}
},
Or change it to:
"pgOptions": {
  "ssl": false
},
Quick note to get the fix above to work, cause this had me confused: the "pgOptions" setting (I thought it must be a sqltools setting) is inside the connection settings, so you fill everything in with the GUI, then select Open settings at the bottom and then Edit in settings.json. There you'll find the part that needs to be modified. Works like a charm.
Note the fix above only works if the server you're connecting to doesn't require ssl connections, like a default RDS database does.
For RDS (and all other postgres with required ssl) there is a workaround:
$ export NODE_TLS_REJECT_UNAUTHORIZED='0'
$ code .
or set up the NODE_TLS_REJECT_UNAUTHORIZED='0' environment variable in any other way.
It'll be great to have an option to allow unauthorized certs to be used without providing a CA directly in connection settings.
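
An added example, not part of the thread and not SQLTools code: a small Node.js audit that classifies what each workaround above does to a connection's TLS protection. The connection-object shape, the `name` field and the `ca` option name are assumptions; `pgOptions`, `ssl`, `rejectUnauthorized` and `NODE_TLS_REJECT_UNAUTHORIZED` come from the posts.

```javascript
// Added example (not SQLTools code). Assumed: connection objects look like the
// settings.json entries in this thread; "ca" mirrors Node's tls option name.
function tlsPosture(conn, env) {
  const ssl = conn.pgOptions ? conn.pgOptions.ssl : undefined;
  // Missing or false: the "remove pgOptions.ssl" workaround, no TLS at all.
  if (ssl === undefined || ssl === null || ssl === false) return 'plaintext';
  const opts = typeof ssl === 'object' ? ssl : {};
  if (opts.rejectUnauthorized === false) return 'unverified';
  // With rejectUnauthorized unset, Node takes its default from the environment:
  // NODE_TLS_REJECT_UNAUTHORIZED=0 turns verification off for the whole process.
  if (opts.rejectUnauthorized === undefined &&
      env.NODE_TLS_REJECT_UNAUTHORIZED === '0') return 'unverified';
  return opts.ca ? 'verified-custom-ca' : 'verified-system-ca';
}

const RISK = {
  'plaintext': 'credentials and query data cross the network unencrypted',
  'unverified': 'encrypted, but any certificate is accepted (interception risk)',
  'verified-system-ca': 'verified; a self-signed server certificate is rejected',
  'verified-custom-ca': 'verified against the supplied CA',
};

function auditConnections(connections, env = process.env) {
  return connections.map((conn) => {
    const posture = tlsPosture(conn, env);
    return { name: conn.name, posture, risk: RISK[posture] };
  });
}

// Constructed sample input covering the states discussed in the thread.
const sample = [
  { name: 'local', pgOptions: { ssl: false } },
  { name: 'default', pgOptions: { ssl: {} } },
  { name: 'toggled', pgOptions: { ssl: { rejectUnauthorized: false } } },
  { name: 'pinned', pgOptions: { ssl: { ca: '/path/to/ca.pem' } } },
];
console.table(auditConnections(sample, {}));
```

Running it with the environment variable set shows that the export workaround downgrades every connection that leaves `rejectUnauthorized` unset, including one that supplies a CA.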