fix(pgdriver): enable TLS by default with InsecureSkipVerify=true

uptrace · Oct 17, 2021 · 15ec635 · 15ec635
1 parent df066ef
commit 15ec635
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 4 deletions.
diff --git a/driver/pgdriver/config.go b/driver/pgdriver/config.go
@@ -56,6 +56,8 @@ func newDefaultConfig() *Config {
 
 		ReadTimeout:  10 * time.Second,
 		WriteTimeout: 5 * time.Second,
+
+		TLSConfig: &tls.Config{InsecureSkipVerify: true},
 	}
 
 	cfg.Dialer = func(ctx context.Context, network, addr string) (net.Conn, error) {
@@ -98,6 +100,12 @@ func WithTLSConfig(tlsConfig *tls.Config) Option {
 	}
 }
 
+func WithInsecure(on bool) Option {
+	return func(cfg *Config) {
+		cfg.TLSConfig = nil
+	}
+}
+
 func WithUser(user string) Option {
 	if user == "" {
 		panic("user is empty")
@@ -238,10 +246,10 @@ func parseDSN(dsn string) ([]Option, error) {
 	switch sslMode := q.string("sslmode"); sslMode {
 	case "verify-ca", "verify-full":
 		opts = append(opts, WithTLSConfig(new(tls.Config)))
-	case "allow", "prefer", "require":
+	case "allow", "prefer", "require", "":
 		opts = append(opts, WithTLSConfig(&tls.Config{InsecureSkipVerify: true}))
-	case "disable", "":
-		// no TLS config
+	case "disable":
+		opts = append(opts, WithInsecure(true))
 	default:
 		return nil, fmt.Errorf("pgdriver: sslmode '%s' is not supported", sslMode)
 	}

diff --git a/driver/pgdriver/config_test.go b/driver/pgdriver/config_test.go
@@ -105,6 +105,7 @@ func TestParseDSN(t *testing.T) {
 
 			cfg := c.Config()
 			cfg.Dialer = nil
+			cfg.TLSConfig = nil
 
 			require.Equal(t, test.cfg, cfg)
 		})

diff --git a/driver/pgdriver/driver_test.go b/driver/pgdriver/driver_test.go
@@ -263,7 +263,7 @@ func sqlDB() *sql.DB {
 func dsn() string {
 	dsn := os.Getenv("PG")
 	if dsn == "" {
-		dsn = "postgres://postgres:@localhost:5432/test"
+		dsn = "postgres://postgres:@localhost:5432/test?sslmode=disable"
 	}
 	return dsn
 }