-
Notifications
You must be signed in to change notification settings - Fork 94
Description
Is your feature request related to a problem? Please describe.
When connecting to a remote database that is not exposed to the internet using SSH tunnels, the self-signed CA will not match the servers certificate name as for the connecting client the server name would be "localhost".
Describe the solution you'd like
Since the server is trusted and we just need a secure connection from the client, please support no-verify
as a valid option for the sslmode
option.
Currently if we try using no-verify
option the following error is thrown
ConnectionParamsError: Supplied DSN has invalid sslmode 'no-verify'
Additional context
This is especially painful when the servers are hosted on AWS RDS (Postgres) and there is a requirement for connecting to them using the postgres client.
The servers certificate will have the certificate issued for the fully qualified name and when connecting over SSH tunnel and using localhost
as the host name we receive error
TLS connection failed with message: invalid peer certificate: NotValidForName