config: add ssl config params

Adds additional SSL config params:
- sslcert
- sslkey
- sslrootcert

More details at https://www.postgresql.org/docs/9.5/libpq-connect.html#LIBPQ-CONNSTRING.

Author: uce

postgres/src/config.rs

@@ -3,12 +3,12 @@
 use crate::connection::Connection;
 use crate::Client;
 use log::info;
-use std::fmt;
 use std::net::IpAddr;
 use std::path::Path;
 use std::str::FromStr;
 use std::sync::Arc;
 use std::time::Duration;
+use std::{fmt, path::PathBuf};
 use tokio::runtime;
 #[doc(inline)]
 pub use tokio_postgres::config::{
@@ -34,9 +34,12 @@ use tokio_postgres::{Error, Socket};
 /// * `dbname` - The name of the database to connect to. Defaults to the username.
 /// * `options` - Command line options used to configure the server.
 /// * `application_name` - Sets the `application_name` parameter on the server.
+/// * `sslcert` - Location of the client SSL certificate file.
+/// * `sslkey` - Location for the secret key file used for the client certificate.
 /// * `sslmode` - Controls usage of TLS. If set to `disable`, TLS will not be used. If set to `prefer`, TLS will be used
 ///     if available, but not used otherwise. If set to `require`, `verify-ca`, or `verify-full`, TLS will be forced to
 ///     be used. Defaults to `prefer`.
+/// * `sslrootcert` - Location of SSL certificate authority (CA) certificate.
 /// * `host` - The host to connect to. On Unix platforms, if the host starts with a `/` character it is treated as the
 ///     path to the directory containing Unix domain sockets. Otherwise, it is treated as a hostname. Multiple hosts
 ///     can be specified, separated by commas. Each host will be tried in turn when connecting. Required if connecting
@@ -218,6 +221,32 @@ impl Config {
         self.config.get_application_name()
     }
 
+    /// Sets the location of the client SSL certificate file.
+    ///
+    /// Defaults to `None`.
+    pub fn ssl_cert(&mut self, ssl_cert: &str) -> &mut Config {
+        self.config.ssl_cert(ssl_cert);
+        self
+    }
+
+    /// Gets the location of the client SSL certificate file.
+    pub fn get_ssl_cert(&self) -> Option<PathBuf> {
+        self.config.get_ssl_cert()
+    }
+
+    /// Sets the location of the secret key file used for the client certificate.
+    ///
+    /// Defaults to `None`.
+    pub fn ssl_key(&mut self, ssl_key: &str) -> &mut Config {
+        self.config.ssl_key(ssl_key);
+        self
+    }
+
+    /// Gets the location of the secret key file used for the client certificate.
+    pub fn get_ssl_key(&self) -> Option<PathBuf> {
+        self.config.get_ssl_key()
+    }
+
     /// Sets the SSL configuration.
     ///
     /// Defaults to `prefer`.
@@ -231,6 +260,19 @@ impl Config {
         self.config.get_ssl_mode()
     }
 
+    /// Sets the location of SSL certificate authority (CA) certificate.
+    ///
+    /// Defaults to `None`.
+    pub fn ssl_root_cert(&mut self, ssl_root_cert: &str) -> &mut Config {
+        self.config.ssl_root_cert(ssl_root_cert);
+        self
+    }
+
+    /// Gets the location of SSL certificate authority (CA) certificate.
+    pub fn get_ssl_root_cert(&self) -> Option<PathBuf> {
+        self.config.get_ssl_root_cert()
+    }
+
     /// Adds a host to the configuration.
     ///
     /// Multiple hosts can be specified by calling this method multiple times, and each will be tried in order. On Unix

tokio-postgres/src/config.rs

@@ -119,9 +119,12 @@ pub enum Host {
 /// * `dbname` - The name of the database to connect to. Defaults to the username.
 /// * `options` - Command line options used to configure the server.
 /// * `application_name` - Sets the `application_name` parameter on the server.
+/// * `sslcert` - Location of the client SSL certificate file.
+/// * `sslkey` - Location for the secret key file used for the client certificate.
 /// * `sslmode` - Controls usage of TLS. If set to `disable`, TLS will not be used. If set to `prefer`, TLS will be used
 ///     if available, but not used otherwise. If set to `require`, `verify-ca`, or `verify-full`, TLS will be forced to
 ///     be used. Defaults to `prefer`.
+/// * `sslrootcert` - Location of SSL certificate authority (CA) certificate.
 /// * `host` - The host to connect to. On Unix platforms, if the host starts with a `/` character it is treated as the
 ///     path to the directory containing Unix domain sockets. Otherwise, it is treated as a hostname. Multiple hosts
 ///     can be specified, separated by commas. Each host will be tried in turn when connecting. Required if connecting
@@ -217,7 +220,10 @@ pub struct Config {
     pub(crate) dbname: Option<String>,
     pub(crate) options: Option<String>,
     pub(crate) application_name: Option<String>,
+    pub(crate) ssl_cert: Option<PathBuf>,
+    pub(crate) ssl_key: Option<PathBuf>,
     pub(crate) ssl_mode: SslMode,
+    pub(crate) ssl_root_cert: Option<PathBuf>,
     pub(crate) host: Vec<Host>,
     pub(crate) hostaddr: Vec<IpAddr>,
     pub(crate) port: Vec<u16>,
@@ -247,7 +253,10 @@ impl Config {
             dbname: None,
             options: None,
             application_name: None,
+            ssl_cert: None,
+            ssl_key: None,
             ssl_mode: SslMode::Prefer,
+            ssl_root_cert: None,
             host: vec![],
             hostaddr: vec![],
             port: vec![],
@@ -334,6 +343,32 @@ impl Config {
         self.application_name.as_deref()
     }
 
+    /// Sets the location of the client SSL certificate file.
+    ///
+    /// Defaults to `None`.
+    pub fn ssl_cert(&mut self, ssl_cert: &str) -> &mut Config {
+        self.ssl_cert = Some(PathBuf::from(ssl_cert));
+        self
+    }
+
+    /// Gets the location of the client SSL certificate file.
+    pub fn get_ssl_cert(&self) -> Option<PathBuf> {
+        self.ssl_cert.clone()
+    }
+
+    /// Sets the location of the secret key file used for the client certificate.
+    ///
+    /// Defaults to `None`.
+    pub fn ssl_key(&mut self, ssl_key: &str) -> &mut Config {
+        self.ssl_key = Some(PathBuf::from(ssl_key));
+        self
+    }
+
+    /// Gets the location of the secret key file used for the client certificate.
+    pub fn get_ssl_key(&self) -> Option<PathBuf> {
+        self.ssl_key.clone()
+    }
+
     /// Sets the SSL configuration.
     ///
     /// Defaults to `prefer`.
@@ -347,6 +382,19 @@ impl Config {
         self.ssl_mode
     }
 
+    /// Sets the location of SSL certificate authority (CA) certificate.
+    ///
+    /// Defaults to `None`.
+    pub fn ssl_root_cert(&mut self, ssl_root_cert: &str) -> &mut Config {
+        self.ssl_root_cert = Some(PathBuf::from(ssl_root_cert));
+        self
+    }
+
+    /// Gets the location of SSL certificate authority (CA) certificate.
+    pub fn get_ssl_root_cert(&self) -> Option<PathBuf> {
+        self.ssl_root_cert.clone()
+    }
+
     /// Adds a host to the configuration.
     ///
     /// Multiple hosts can be specified by calling this method multiple times, and each will be tried in order. On Unix
@@ -579,6 +627,18 @@ impl Config {
             "application_name" => {
                 self.application_name(value);
             }
+            "sslcert" => {
+                if std::fs::metadata(value).is_err() {
+                    return Err(Error::config_parse(Box::new(InvalidValue("sslcert"))));
+                }
+                self.ssl_cert(value);
+            }
+            "sslkey" => {
+                if std::fs::metadata(value).is_err() {
+                    return Err(Error::config_parse(Box::new(InvalidValue("sslkey"))));
+                }
+                self.ssl_key(value);
+            }
             "sslmode" => {
                 let mode = match value {
                     "disable" => SslMode::Disable,
@@ -590,6 +650,12 @@ impl Config {
                 };
                 self.ssl_mode(mode);
             }
+            "sslrootcert" => {
+                if std::fs::metadata(value).is_err() {
+                    return Err(Error::config_parse(Box::new(InvalidValue("sslrootcert"))));
+                }
+                self.ssl_root_cert(value);
+            }
             "host" => {
                 for host in value.split(',') {
                     self.host(host);
@@ -776,7 +842,10 @@ impl fmt::Debug for Config {
             .field("dbname", &self.dbname)
             .field("options", &self.options)
             .field("application_name", &self.application_name)
+            .field("ssl_cert", &self.ssl_cert)
+            .field("ssl_key", &self.ssl_key)
             .field("ssl_mode", &self.ssl_mode)
+            .field("ssl_root_cert", &self.ssl_root_cert)
             .field("host", &self.host)
             .field("hostaddr", &self.hostaddr)
             .field("port", &self.port)