Tags: lib/pq
Tags
Change default sslmode from "require" to "prefer" Now that sslmode=prefer is supported, we can use that as the default. "prefer" is the default used by libpq, pgx, and pretty much anything else connecting to PostgreSQL. I can't really find anything else that uses "require" as a default. You could argue that "require" is a better default, but: 1. "require" doesn't actually verify the certificates and accepts any certificate. I wouldn't say it's completely useless for production systems, but it does seem useless-adjacent. If you want SSL, you almost always want "verify-ca" or "verify-full". 2. Copy/pasting a connection string used by pq to something else will mean you silently drop the ssl so it's a very brittle default. 3. It's an annoying default because copy pasting a connection string from anything else to pq doesn't work. pq has used "require" as a default for a long time, but because it's such a brittle default that's easy to lose by using $anything_else I think it's okay to change. I will leave this open for a bit before merging, so if anyone objects it can be re-considered.
Don't send empty startup parameters
That's also what libpq does; from src/interfaces/libpq/fe-protocol3.c
if (conn->pguser && conn->pguser[0])
ADD_STARTUP_OPTION("user", conn->pguser);
if (conn->dbName && conn->dbName[0])
ADD_STARTUP_OPTION("database", conn->dbName);
if (conn->replication && conn->replication[0])
ADD_STARTUP_OPTION("replication", conn->replication);
if (conn->pgoptions && conn->pgoptions[0])
ADD_STARTUP_OPTION("options", conn->pgoptions);
if (conn->send_appname) {
/* Use appname if present, otherwise use fallback */
val = conn->appname ? conn->appname : conn->fbappname;
if (val && val[0])
ADD_STARTUP_OPTION("application_name", val);
}
if (conn->client_encoding_initial && conn->client_encoding_initial[0])
ADD_STARTUP_OPTION("client_encoding", conn->client_encoding_initial);
Sending an empty value works for most systems, but not in Supavisor due
to a bug there. Easy enough to fix here, so why not.
Fixes #1259
Co-authored-by: Martin Tournoij <martin@arp242.net>
PreviousNext