Skip to content

Support for sslmode no-verify #493

@vijayganeshpk

Description

@vijayganeshpk

Is your feature request related to a problem? Please describe.

When connecting to a remote database that is not exposed to the internet using SSH tunnels, the self-signed CA will not match the servers certificate name as for the connecting client the server name would be "localhost".

Describe the solution you'd like

Since the server is trusted and we just need a secure connection from the client, please support no-verify as a valid option for the sslmode option.

Currently if we try using no-verify option the following error is thrown

ConnectionParamsError: Supplied DSN has invalid sslmode 'no-verify'

Additional context

This is especially painful when the servers are hosted on AWS RDS (Postgres) and there is a requirement for connecting to them using the postgres client.

The servers certificate will have the certificate issued for the fully qualified name and when connecting over SSH tunnel and using localhost as the host name we receive error

TLS connection failed with message: invalid peer certificate: NotValidForName

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions