[CalendarServer-dev] SSL connection to DB server gone in 8.0?
Andre LaBranche
dre at apple.com
Fri Jun 24 15:50:09 PDT 2016
Rebuilding PG with openssl support wasn't that hard. Turns out I already had openssl installed via brew, so just needed to define a couple env vars.
> I tried the most naive thing I could think of,
... no it's not that simple. Also because that patch is bunk, as the string slice is off by one, so fails to capture the entire hostname when there is a tcps: prefix.
> since I believe none of the parameters we pass down to pg8000 are TLS-aware
Yes, they are. The one called 'ssl' in pg8000/__init__.py which is a bool.
After some reckless hacking, I got this to work, verified by the fact that my PG server is configured to allow only connections that use SSL. I'll clean this up and do some more testing before committing.
-dre
More information about the calendarserver-dev
mailing list