Skip to content

Fix parsing of ssl=false connection string parameter #2423

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Fix parsing of ssl=false connection string parameter #2423

wants to merge 1 commit into from
+7 −1

Conversation

sonicdoe
Copy link
Contributor

Cherry-picks iceddev/pg-connection-string#39 to this monorepo.

@sonicdoe
Fix ssl=false parsing
740a5a7 
ssl was mistakenly set to the string "false" instead of the Boolean false.
@charmander
Copy link
Collaborator

ssl=false isn’t supported by libpq, only ssl=true. Incompatibilities already exist between pg-connection-string and libpq, but I’m against adding new ones.

(sslmode=disable is the correct version.)

@sonicdoe sonicdoe mentioned this pull request Nov 30, 2020
Closed
@sonicdoe
Copy link
Contributor Author

ssl=false is documented in pg-connection-string’s readme, though. Would you rather like to remove it there?

Alternatively, we could remove support for all ssl values except true to align with libpq. After all, it might be a bit surprising to support ssl=1, ssl=true, ssl=0 but not ssl=false.

@snowbldr
Copy link

I agree that since the other non-libpq modes are supported, ssl=false should be supported.

When ssl=false is set, it actually ends up enabling ssl because it gets set to the string "false", which is truthy.

This is very surprising behavior, especially because the docs actually explicitly state this is allowed.

If feature parity with libpq is more important, it could at least log a warning or throw an exception if the user uses this ssl flag in an unsupported way.

@louislam louislam mentioned this pull request Oct 12, 2023
Closed
2 tasks
@louislam
Copy link

It could possibly throw an uncaught exception without this patch.

Reproduce Steps

  1. Postgres with SSL
  2. Connect with ssl=false
const client = new Client({
    connectionString: "postgres://postgres:postgres@localhost:5432/postgres?ssl=false",
});
client.connect();
// Throw uncaught exception

TypeError: Cannot use 'in' operator to search for 'key' in false

https://github.com/brianc/node-postgres/blob/b1a8947738ce0af004cb926f79829bb2abc64aa6/packages/pg/lib/connection.js#L90C7-L90C7

Since my application allows people to input any connection strings freely, throw an uncaught exception is not nice.

Possible solutions

Method 1: Merge this pull request.
Method 2: In case you prefer sslmode=disable, "ssl=false" should completely ignored and muted, rather than parse it as a string "false".

@hjr3 hjr3 self-requested a review April 11, 2025 10:25
@hjr3 hjr3 self-assigned this Apr 11, 2025
@hjr3
Copy link
Collaborator

hjr3 commented Apr 11, 2025

Method 2: In case you prefer sslmode=disable, "ssl=false" should completely ignored and muted, rather than parse it as a string "false".

I observe that libpq throws an error when ssl=false is passed.

$ psql 'postgres://localhost/bar?ssl=false'
psql: error: invalid URI query parameter: "ssl"

I think this is the behavior we want to match. Muting causes "spooky action at a distance" problems.

@hjr3 hjr3 mentioned this pull request Apr 17, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hjr3 hjr3 Awaiting requested review from hjr3 hjr3 is a code owner

Assignees

@hjr3 hjr3

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@sonicdoe @charmander @snowbldr @louislam @hjr3