add rudimentary TLS support for postgres connections #2948
Open
conradludgate wants to merge 8 commits into rwf2:master from
Fixing typo.
- Update `gen_certs.sh`
  - Generate client cert as well by default
  - Set expiration to 10 years to match other certs
  - Set subject to match expected values in testbench test
- Update testbench `mtls` to ignore key hash value, and only check issuer and subject.

commit 9fcc529
Author: Cormac Relf <web@cormacrelf.net>
Date: Mon Apr 14 17:36:07 2025 +1000

Improve db_pools init: do not crash if DB unavailable during startup

## Why?

When using `Pool::connect[_with]`, sqlx attempts to connect to the given database immediately, and the fairing will fail if there are any problems in that attempt (beyond obvious configuration problems that are found before hitting the network), e.g.:

- the database is unavailable; or
- the username/password is incorrect; or
- the ssl configuration is invalid; or
- any other connection issue.

There are a few pros and cons to this approach:

Pros:

- In development, configuration errors are surfaced slightly faster

Cons:

- Databases are expected to be unavailable sometimes. It does not normally crash a server if one becomes unavailable after startup, so why should it prevent a server from starting at all? See [deadpool's justification](https://docs.rs/deadpool) for not crashing.
- In production/testing, slower to debug configuration or networking errors as your edit-test loop now involves restarting an application rather than refreshing a page or trying a request again.
- Causes database or configuration issues to appear as "failed deployments" in standard deployment scenarios.
- Introduces hard ordering constraints on operator actions during database recovery, requiring reboots to follow a functioning database or applications not to be restarted at certain times

## Effect of change

The sqlx backend now behaves like the deadpool backend: no connection issues are surfaced during startup. You will not see them until you attempt to get a connection from the pool. That means rocket will launch and you can find problems like these in smoke tests.

commit 599d5ee
Author: Paul Adenot <paul@paul.cx>
Date: Wed Jan 1 18:21:18 2025 +0100

Fix Dockerfile example in "Deploying" chapter

This now matches the layout of a typical project, instead of erroring out.

- Based on rwf2#2930
- Populates value from hyper version
- Adds method to override version for local requests
Rust now warns when it determines that an elided lifetime has a name. This commit updates all of these cases to use the named lifetime instead.
This fixes #2820.

`sqlx` is also being configured to use `rustls-native-certs`, so using `tokio-postgres-rustls` and `rustls-native-certs` here is consistent with that.

I'm not happy with the error handling, tokio_postgres::Error does not let you construct it, so I cannot turn the rustls errors into a tokio_postgres::Error. I think the only way forward here is to create a custom MakeTlsConnect impl that lazily loads the certs, but that seems like a lot of effort for now.