Fix sslinline for connections after the first one.

The sslinline functionality would delete the required keys after upgrading the first connection. This commit adds the sslinine key to the isDriverSetting so that it is not sent to Posgres which would cause a crash. It also removes the delete of the keys necessary for sslinline to allow SSL upgrades for connections after the first one.
lib · Apr 19, 2021 · 69b14f1 · 69b14f1
1 parent d076090
commit 69b14f1
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 9 deletions.
diff --git a/conn.go b/conn.go
@@ -1106,7 +1106,7 @@ func isDriverSetting(key string) bool {
 		return true
 	case "password":
 		return true
-	case "sslmode", "sslcert", "sslkey", "sslrootcert":
+	case "sslmode", "sslcert", "sslkey", "sslrootcert", "sslinline":
 		return true
 	case "fallback_application_name":
 		return true

diff --git a/ssl.go b/ssl.go
@@ -59,9 +59,6 @@ func ssl(o values) (func(net.Conn) (net.Conn, error), error) {
 		return nil, err
 	}
 
-	// This pseudo-parameter is not recognized by the PostgreSQL server, so let's delete it after use.
-	delete(o, "sslinline")
-
 	// Accept renegotiation requests initiated by the backend.
 	//
 	// Renegotiation was deprecated then removed from PostgreSQL 9.5, but
@@ -89,9 +86,6 @@ func sslClientCertificates(tlsConf *tls.Config, o values) error {
 	sslinline := o["sslinline"]
 	if sslinline == "true" {
 		cert, err := tls.X509KeyPair([]byte(o["sslcert"]), []byte(o["sslkey"]))
-		// Clear out these params, in case they were to be sent to the PostgreSQL server by mistake
-		o["sslcert"] = ""
-		o["sslkey"] = ""
 		if err != nil {
 			return err
 		}
@@ -157,8 +151,6 @@ func sslCertificateAuthority(tlsConf *tls.Config, o values) error {
 
 		var cert []byte
 		if sslinline == "true" {
-			// // Clear out this param, in case it were to be sent to the PostgreSQL server by mistake
-			o["sslrootcert"] = ""
 			cert = []byte(sslrootcert)
 		} else {
 			var err error