Also a relatively simple solution but SNI is also needed (sometimes) for unverified SSL (for example in the case of neon.tech). Or any modern postgres cloud providers.
The solution is relatively simple:
From this:
default_ssl_options(Host, Ssl) ->
case Ssl of
ssl_disabled -> {false, []};
ssl_unverified -> {true, [{verify, verify_none}]};
ssl_verified -> {true, [
{verify, verify_peer},
{cacerts, public_key:cacerts_get()},
{server_name_indication, binary_to_list(Host)},
{customize_hostname_check, [
{match_fun, public_key:pkix_verify_hostname_match_fun(https)}
]}
]}
end.
To this:
default_ssl_options(Host, Ssl) ->
case Ssl of
ssl_disabled -> {false, []};
ssl_unverified -> {true, [
{verify, verify_none},
{server_name_indication, binary_to_list(Host)}
]};
ssl_verified -> {true, [
{verify, verify_peer},
{cacerts, public_key:cacerts_get()},
{server_name_indication, binary_to_list(Host)},
{customize_hostname_check, [
{match_fun, public_key:pkix_verify_hostname_match_fun(https)}
]}
]}
end.
I think that's all needed in order to get modern cloud postgres working properly with pog.
If you want me to make a PR im happy to, just relatively new to contributing to open source.
Also a relatively simple solution but SNI is also needed (sometimes) for unverified SSL (for example in the case of neon.tech). Or any modern postgres cloud providers.
The solution is relatively simple:
From this:
To this:
I think that's all needed in order to get modern cloud postgres working properly with pog.
If you want me to make a PR im happy to, just relatively new to contributing to open source.