Greetings! I was trying to authenticate to a postgres cluster using TLS, but ran into a problem with specifying ServerName in tls.Config. Here is how I create the connection:

```go
conf, err := pgx.ParseConfig(conn)
if err != nil {
	return nil, err
}
// Client certificate and key for TLS authentication.
cert, err := tls.X509KeyPair(c.TLSCert, c.TLSKey)
if err != nil {
	return nil, err
}
tlsConfig := &tls.Config{
	ServerName:   connUrl.Hostname(), // only a single name fits here
	Certificates: []tls.Certificate{cert},
}
conf.TLSConfig = tlsConfig
```

This code works only if I connect to a single node. If the connection url looks something like

The problem is that we can only specify one hostname in the tls.ServerName field. In the source files of the x509 package there is no support for multiple hosts, separated for example by comma (or is there?). So the question is - how can I authenticate to postgres using TLS if the connection url consists of 2+ hostnames? There is also a problem with calling the url.Hostname() method, as it just separates host and port by colon. I can easily write a helper method to return correct hostnames like pg1,pg2. But anyway ServerName will not work correctly with this format.
Replies: 1 comment 3 replies
Multiple hosts get converted to fallback configs. See https://pkg.go.dev/github.com/jackc/pgx/[email protected]/pgconn#FallbackConfig. You can specify different TLS configs for each.
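An added example (not code from the discussion or from pgx) of the per-host approach the reply points to: one shared client-certificate config is cloned per host with its own ServerName, so each node's certificate is verified against the name actually dialed. The host names are constructed, the helpers `splitHosts` and `perHostTLS` are hypothetical, and the pgx wiring is shown only in comments so the block runs with the standard library alone.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net"
	"strings"
)

// splitHosts turns a libpq-style host list ("pg1:5432,pg2") into bare host names.
func splitHosts(hostList string) []string {
	var hosts []string
	for _, item := range strings.Split(hostList, ",") {
		item = strings.TrimSpace(item)
		if item == "" {
			continue
		}
		if h, _, err := net.SplitHostPort(item); err == nil {
			item = h // entry carried an explicit port
		}
		hosts = append(hosts, strings.Trim(item, "[]"))
	}
	return hosts
}

// perHostTLS clones base once per host and sets ServerName to that host.
// base itself is left untouched.
func perHostTLS(base *tls.Config, hostList string) map[string]*tls.Config {
	out := make(map[string]*tls.Config)
	for _, h := range splitHosts(hostList) {
		c := base.Clone()
		c.ServerName = h
		out[h] = c
	}
	return out
}

func main() {
	// Constructed sample; add Certificates and RootCAs to base in real use.
	base := &tls.Config{MinVersion: tls.VersionTLS12}
	cfgs := perHostTLS(base, "pg1.example.internal:5432,pg2.example.internal")
	for h, c := range cfgs {
		fmt.Println(h, "->", c.ServerName)
	}
	// Assumed pgx wiring (pgx is not imported here): the first host is the
	// primary config, the rest are conf.Fallbacks entries.
	//   conf.TLSConfig = cfgs[conf.Host]
	//   for _, fb := range conf.Fallbacks {
	//       if fb.TLSConfig != nil { fb.TLSConfig = cfgs[fb.Host] } // leave nil entries as they are
	//   }
}
```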