SSL Not supported - Postgres #73

Open
mlsad3-cypressio opened this issue Oct 12, 2019 · 1 comment

mlsad3-cypressio commented Oct 12, 2019

When I try to connect forcing SSL...there is no way to do this.
For backwards compatibility, this is what I propose:

  • Add 'connectionPassthrough' to config.knex
  • If true, the pg.Client will be created ONLY with the config.knex.connection data
  • If false, the pg.Client will continue being created with _masterConnectionUrl

Here is the change to PostgresDatabaseManager.js (around line 214):

PostgresDatabaseManager.prototype.create_masterClient = function() {
  var self = this;
  return new Promise(function(resolve, reject) {
    let client;
    if (self.config.knex.connectionPassthrough) {
      client = new pg.Client(self.config.knex.connection);
    } else {
      client = new pg.Client(self._masterConnectionUrl());
    }
    client.connect(function(err) {
      if (err) {
        reject(err);
      } else {
        resolve(client);
      }
    });
  });
};

And here is my knexfile.js:

const dotenv = require('dotenv');
const fs = require('fs');

dotenv.load();

module.exports = {
  client: 'pg',
  connection: {
    database: process.env.DB_NAME,
    user: process.env.DB_USER,
    password: process.env.DB_PASSWORD,
    host: process.env.DB_HOST,
    ssl: {
      ca: fs.readFileSync('../deployment/rds-ca-2019-root.pem'),
      rejectUnauthorized: true
    }
  },
  connectionPassthrough: true,
  pool: {
    min: 2,
    max: 10
  },
  migrations: {
    tableName: 'migrations'
  }
};

elhigu commented Oct 28, 2019

Thanks for opening this. I hope I'll get to fix this at some point. Right now I'm occupied with some other things that I want to get ready before touching anything else.

I don't remember exactly why the master connection is done with a connection URL instead of a connection object. Probably we could just use the connection object for the master connection as well.

I wouldn't like to implement the proposed solution, because it is kind of a hack/workaround and works only in a case where the privileged and normal user are both the same, and it does not address the real root cause of the problem.
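
Added example, not part of either comment and not the project's code: a sketch of building the master connection from the connection object, so the `ssl` block (`ca`, `rejectUnauthorized`) survives while the privileged credentials are swapped in. The function names, the `superUser`/`superPassword` parameters, the `postgres` maintenance database and the URL layout are assumptions; the returned object has the shape the thread passes to `new pg.Client(...)`.

```javascript
// Added illustration; all function and parameter names are hypothetical.

// Stand-in for a URL-built master connection: a plain URL like this has no
// slot for ssl.ca or rejectUnauthorized, so those settings never reach pg.
function masterConnectionUrl(conn, superUser, superPassword) {
  const auth = `${encodeURIComponent(superUser)}:${encodeURIComponent(superPassword)}`;
  const port = conn.port || 5432;
  return `postgres://${auth}@${conn.host}:${port}/postgres`;
}

// Object-based alternative: copy the normal connection, override only the
// identity and target database, and keep everything else (ssl, port, ...).
function masterConnectionConfig(conn, superUser, superPassword) {
  if (typeof conn !== 'object' || conn === null) {
    throw new TypeError('expected a connection object, not a connection string');
  }
  const master = {
    ...conn,
    user: superUser,
    password: superPassword,
    database: 'postgres' // assumed maintenance database
  };
  if (conn.ssl && typeof conn.ssl === 'object') {
    master.ssl = { ...conn.ssl }; // own copy, so later edits do not leak back
  }
  return master;
}

// Constructed sample input (placeholder values, not a real deployment).
const sampleConnection = {
  host: 'db.example.internal',
  database: 'app',
  user: 'app_user',
  password: 'app-password',
  ssl: {
    ca: Buffer.from('-----BEGIN CERTIFICATE-----\n(constructed placeholder)\n'),
    rejectUnauthorized: true
  }
};

const url = masterConnectionUrl(sampleConnection, 'admin', 's3cret');
const cfg = masterConnectionConfig(sampleConnection, 'admin', 's3cret');
console.log(url);
console.log(cfg.user, cfg.database, cfg.ssl.rejectUnauthorized);
```

Unlike the `connectionPassthrough` flag, this keeps the privileged and normal users separate, which is the limitation raised in the reply above.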
