Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(dao) allow self-signed certificates for migrations #2908

Merged
merged 2 commits into from
Sep 28, 2017
Merged

fix(dao) allow self-signed certificates for migrations #2908

merged 2 commits into from
Sep 28, 2017

Conversation

thibaultcha
Copy link
Member

This fixes a reported issue that Kong would not be able to run
migrations on PostgreSQL with self-signed certificates. The error "self
signed certificate" that Kong raised indicated that the root CA was not
made available to the cosocket in use.

Because the CLI is interpreted by resty-cli, it is too late to set the
resty-cli lua_ssl_trusted_certificate directive.

The approach we historically take is to rely on LuaSocket/LuaSec in
Kong's CLI and circumvant this limitation (the root CA file can be
specified at runtime as part of the LuaSocket instantiation options).

Fix #2856

@thibaultcha thibaultcha mentioned this pull request Sep 25, 2017
Closed
@thibaultcha
fix(postgres) allow self-signed certificates for migrations
fe95319 
This fixes a reported issue that Kong would not be able to run
migrations on PostgreSQL with self-signed certificates. The error "self
signed certificate" that Kong raised indicated that the root CA was not
made available to the cosocket in use.

Because the CLI is interpreted by resty-cli, it is too late to set the
resty-cli `lua_ssl_trusted_certificate` directive.

The approach we historically take is to rely on LuaSocket/LuaSec in
Kong's CLI and circumvant this limitation (the root CA file can be
specified at runtime as part of the LuaSocket instantiation options).

Fix #2856
@thibaultcha
fix(cassandra) allow self-signed certificates for migrations
68d358b 
Follow-up of 5e2d31e9f5d79c901ef5364eb8786c86c0ae5010 for the Cassandra
DAO strategy.
@thibaultcha thibaultcha added pr/ready This PR is considered ready and can be merged at anytime (given it received no subsequent changes) and removed pr/status/please review labels Sep 28, 2017
@thibaultcha thibaultcha merged commit 66aebfd into master Sep 28, 2017
@thibaultcha thibaultcha deleted the fix/db-ssl-verify branch September 28, 2017 22:07
@thibaultcha thibaultcha mentioned this pull request Jun 29, 2018
Closed
thibaultcha added a commit that referenced this pull request Jun 29, 2018
@thibaultcha
fix(db) allow self-signed certificates in migrations
205fe43 
A port of 68d358b to the new DAO, now that it is also used within the
migrations.

See #2908
thibaultcha added a commit that referenced this pull request Jul 5, 2018
@thibaultcha
fix(db) allow self-signed certificates in migrations
fc415d0 
A port of 68d358b to the new DAO, now that it is also used within the
migrations.

See #2908
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kikito kikito kikito approved these changes

Assignees
No one assigned
Labels
pr/ready This PR is considered ready and can be merged at anytime (given it received no subsequent changes)
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

SSL Verifed connection to PostgreSQL\RDS
2 participants
@thibaultcha @kikito