From fc415d0d80d9f569c769f05466af91ffd6c55112 Mon Sep 17 00:00:00 2001
From: Thibault Charbonnier <thibaultcha@me.com>
Date: Fri, 29 Jun 2018 16:00:41 -0700
Subject: [PATCH] fix(db) allow self-signed certificates in migrations

A port of 68d358b to the new DAO, now that it is also used within the
migrations.

See #2908
---
 kong/db/strategies/cassandra/connector.lua | 6 ++++++
 kong/db/strategies/postgres/connector.lua  | 3 +++
 2 files changed, 9 insertions(+)

diff --git a/kong/db/strategies/cassandra/connector.lua b/kong/db/strategies/cassandra/connector.lua
index ae8c18036a5..a6ce839b7af 100644
--- a/kong/db/strategies/cassandra/connector.lua
+++ b/kong/db/strategies/cassandra/connector.lua
@@ -25,6 +25,12 @@ function CassandraConnector.new(kong_config)
   if ngx.IS_CLI then
     local policy = require("resty.cassandra.policies.reconnection.const")
     cluster_options.reconn_policy = policy.new(100)
+
+    -- Force LuaSocket usage in the CLI in order to allow for self-signed
+    -- certificates to be trusted (via opts.cafile) in the resty-cli
+    -- interpreter (no way to set lua_ssl_trusted_certificate).
+    local socket = require "cassandra.socket"
+    socket.force_luasocket("timer", true)
   end
 
   if kong_config.cassandra_username and kong_config.cassandra_password then
diff --git a/kong/db/strategies/postgres/connector.lua b/kong/db/strategies/postgres/connector.lua
index 632e364aefc..3c67d248a1f 100644
--- a/kong/db/strategies/postgres/connector.lua
+++ b/kong/db/strategies/postgres/connector.lua
@@ -98,6 +98,9 @@ local setkeepalive
 local function connect(config)
   local phase  = get_phase()
   if phase == "init" or phase == "init_worker" or ngx.IS_CLI then
+    -- Force LuaSocket usage in the CLI in order to allow for self-signed
+    -- certificates to be trusted (via opts.cafile) in the resty-cli
+    -- interpreter (no way to set lua_ssl_trusted_certificate).
     config.socket_type = "luasocket"
 
   else