Allow users to pass certs when PG environment variable PGSSLMODE is s…

…pecified and is either require, verify-ca or verify-full.
brianc · Apr 19, 2021 · e0af654 · e0af654
1 parent 6121bd3
commit e0af654
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/packages/pg/lib/connection-parameters.js b/packages/pg/lib/connection-parameters.js
@@ -1,6 +1,7 @@
 'use strict'
 
 var dns = require('dns')
+var fs = require('fs')
 
 var defaults = require('./defaults')
 
@@ -23,10 +24,15 @@ var readSSLConfigFromEnvironment = function () {
     case 'disable':
       return false
     case 'prefer':
+      return true
     case 'require':
     case 'verify-ca':
     case 'verify-full':
-      return true
+      return {
+        ca: process.env.PGSSLROOTCERT ? fs.readFileSync(process.env.PGSSLROOTCERT).toString() : undefined,
+        key: process.env.PGSSLKEY ? fs.readFileSync(process.env.PGSSLKEY).toString() : undefined,
+        cert: process.env.PGSSLCERT ? fs.readFileSync(process.env.PGSSLCERT).toString() : undefined,
+      }
     case 'no-verify':
       return { rejectUnauthorized: false }
   }