@@ -25,29 +25,15 @@ var val = function (key, config, envVar) {
2525 return config [ key ] || envVar || defaults [ key ]
2626}
2727
28- var normalizeSSLConfig = function ( modeFromConfig ) {
29- // if the ssl parameter passed to config is not a string, just return it
30- // directly (it will be passed directly to tls.connect)
31- // this way you can pass all the ssl params in via constructor:
32- // new Client({ ssl: { minDHSize: 1024 } }) etc
33- if ( modeFromConfig !== undefined && typeof modeFromConfig !== 'string' ) {
34- return modeFromConfig
35- }
36- const mode = modeFromConfig || process . env . PGSSLMODE
37-
38- switch ( mode ) {
28+ var readSSLConfigFromEnvironment = function ( ) {
29+ switch ( process . env . PGSSLMODE ) {
3930 case 'disable' :
4031 return false
4132 case 'prefer' :
4233 case 'require' :
4334 case 'verify-ca' :
4435 case 'verify-full' :
4536 return true
46- // no-verify is not standard to libpq but allows specifying
47- // you require ssl but want to bypass server certificate validation.
48- // this is a very common way to connect in heroku so we support it
49- // vai both environment variables (PGSSLMODE=no-verify) as well
50- // as in connection string params ?ssl=no-verify
5137 case 'no-verify' :
5238 return { rejectUnauthorized : false }
5339 }
@@ -85,7 +71,13 @@ var ConnectionParameters = function (config) {
8571
8672 this . binary = val ( 'binary' , config )
8773
88- this . ssl = normalizeSSLConfig ( config . ssl )
74+ this . ssl = typeof config . ssl === 'undefined' ? readSSLConfigFromEnvironment ( ) : config . ssl
75+
76+ // support passing in ssl=no-verify via connection string
77+ if ( this . ssl === 'no-verify' ) {
78+ this . ssl = { rejectUnauthorized : false }
79+ }
80+
8981 this . client_encoding = val ( 'client_encoding' , config )
9082 this . replication = val ( 'replication' , config )
9183 // a domain socket begins with '/'
0 commit comments