Update packages/pg/lib/connection-parameters.js. Fix SSL issue (#2723)

dapeleg-dn · dapeleg-dn · commit f9240ff9f2de · 2023-06-01T14:44:11.000+03:00
diff --git a/packages/pg/lib/connection-parameters.js b/packages/pg/lib/connection-parameters.js
@@ -1,6 +1,7 @@
 'use strict'
 
 var dns = require('dns')
+var fs = require('fs');
 
 var defaults = require('./defaults')
 
@@ -26,7 +27,35 @@ var readSSLConfigFromEnvironment = function () {
     case 'require':
     case 'verify-ca':
     case 'verify-full':
-      return true
+      var caFileName = val('sslrootcert', {})
+      if (!caFileName) {
+        throw new Error('Postgres SSL connection requested using PGSSLMODE environment variable, but no PGSSLROOTCERT environment variable defined')
+      }
+
+      var crtFileName = val('sslcert', {})
+      if (!crtFileName) {
+        throw new Error('Postgres SSL connection requested using PGSSLMODE environment variable, but no PGSSLCERT environment variable defined')
+      }
+
+      var keyFileName = val('sslkey', {})
+      if (!keyFileName) {
+        throw new Error('Postgres SSL connection requested using PGSSLMODE environment variable, but no PGSSLKEY environment variable defined')
+      }
+
+      var result = {
+        rejectUnauthorized: false,
+        ca: fs.readFileSync(caFileName).toString(),
+        cert: fs.readFileSync(crtFileName).toString()
+      }
+
+      // "hiding" the private key so it doesn't show up in stack traces
+      // or if the client is console.logged
+      Object.defineProperty(result, 'key', {
+        enumerable: false,
+        value: fs.readFileSync(keyFileName).toString()
+      })
+      
+      return result
     case 'no-verify':
       return { rejectUnauthorized: false }
   }
diff --git a/patch.patch b/patch.patch
@@ -0,0 +1,26 @@
+diff --git a/packages/pg/lib/connection-parameters.js b/packages/pg/lib/connection-parameters.js
+index 6a535a8..30934c2 100644
+--- a/packages/pg/lib/connection-parameters.js
++++ b/packages/pg/lib/connection-parameters.js
+@@ -26,7 +26,20 @@ var readSSLConfigFromEnvironment = function () {
+     case 'require':
+     case 'verify-ca':
+     case 'verify-full':
+-      return true
++      result = {
++        rejectUnauthorized: false,
++        ca: fs.readFileSync(val('sslrootcert', config)).toString(),
++        cert: fs.readFileSync(val('sslcert', config)).toString()
++      }
++
++      // "hiding" the private key so it doesn't show up in stack traces
++      // or if the client is console.logged
++      Object.defineProperty(result, 'key', {
++        enumerable: false,
++        value: fs.readFileSync(val('sslkey', config)).toString()
++      })
++      
++      return result
+     case 'no-verify':
+       return { rejectUnauthorized: false }
+   }
