Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ssl option servername is ignored #2803

Open
gabegorelick opened this issue Sep 1, 2022 · 0 comments · May be fixed by #2804
Open

ssl option servername is ignored #2803

gabegorelick opened this issue Sep 1, 2022 · 0 comments · May be fixed by #2804

Comments

@gabegorelick
Copy link
Contributor

The servername option of tls.connect is necessary if the host for SNI is different from the host for the connection. But node-postgres ignores whatever you set for servername and instead uses host:

node-postgres/packages/pg/lib/connection.js

Lines 90 to 97 in 8250af4

if (net.isIP(host) === 0) {
options.servername = host
}
try {
self.stream = tls.connect(options)
} catch (err) {
return self.emit('error', err)
}

If options.servername is specified, node-postgres should not override that.

Relevant Node docs:

Server name for the SNI (Server Name Indication) TLS extension. It is the name of the host being connected to, and must be a host name, and not an IP address. It can be used by a multi-homed server to choose the correct certificate to present to the client
@gabegorelick gabegorelick linked a pull request Sep 1, 2022 that will close this issue
Open
gabegorelick added a commit to gabegorelick/node-postgres that referenced this issue Sep 1, 2022
@gabegorelick
Allow setting ssl.servername
80a12b5 
Fixes brianc#2803
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Allow setting ssl.servername gabegorelick/node-postgres
1 participant
@gabegorelick