ea49177 to 18f038f
18f038f to 62b8c26
cloutierMat
left a comment
Thanks for moving your changes here. I know it is a bit weird to keep the patch, but I would prefer to keep the LOGS and exception handling out of here for better control over log levels.
Also, if you are to keep the catch-all `except Exception as e`, I would at least add `exc_info` for DEBUG so that we can gain some insight on the error instead of covering it entirely.
postgresql_proxy/proxy.py
Outdated
| try: | ||
| # Peek at the first 8 bytes to check for SSLRequest | ||
| # Using MSG_PEEK so we don't consume the data if it's not SSLRequest | ||
| client_socket.setblocking(True) |
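Review bot: `client_socket.setblocking(True)` right before the peek puts no bound on the wait, so a client that connects and never sends its first 8 bytes keeps this call blocked indefinitely. Consider `client_socket.settimeout(...)` for the duration of the peek, and treat a peek that returns fewer than 8 bytes as "not an SSLRequest" explicitly rather than relying on the surrounding `try:`.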
We don't really need to set blocking to True here, since this happens before we set blocking to False anyway, right?
True, it's not necessary at all but since the socket is a parameter, I prefer to confirm/assert the blocking mode.
cloutierMat
left a comment
Thanks for addressing the comments, this should now enable postgres client to enable ssl. We can then work from there in the future if CA validation also becomes required 👍
Motivation
This PR adds SSL support to the PostgreSQL proxy. Following @cloutierMat's recommendation, the necessary changes have been migrated from the LocalStack-Ext patches to this repository.
Changes
- `ssl_context` attribute in Proxy class
- `_handle_ssl_negotiation` method in Proxy class to handle SSL connection negotiation
- `accept_wrapper` now utilizes `_handle_ssl_negotiation` if `ssl_context` exists
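A sketch of the negotiation step this PR describes, added here as an illustration and not taken from the repository: the names `peek_is_ssl_request` and `negotiate_ssl`, the 5-second timeout, and the `N` reply when no context is configured are assumptions. The 8-byte SSLRequest layout and the single-byte `S`/`N` answer come from the PostgreSQL wire protocol.

```python
import socket
import struct

# SSLRequest: Int32 length (8) followed by Int32 request code 80877103.
SSL_REQUEST_CODE = 80877103
SSL_REQUEST = struct.pack("!II", 8, SSL_REQUEST_CODE)


def peek_is_ssl_request(sock, timeout=5.0):
    """Return True if the next 8 bytes are an SSLRequest. Nothing is consumed."""
    sock.settimeout(timeout)  # assumption: bound the wait for a silent client
    try:
        head = sock.recv(8, socket.MSG_PEEK)
    except socket.timeout:
        return False
    # A short peek (client sent fewer than 8 bytes so far) is treated as "no".
    return head == SSL_REQUEST


def negotiate_ssl(sock, ssl_context=None, timeout=5.0):
    """Hypothetical stand-in for the PR's _handle_ssl_negotiation.

    Returns (socket_to_use, tls_enabled).
    """
    if not peek_is_ssl_request(sock, timeout):
        # Plain StartupMessage (or nothing): leave the bytes for the proxy.
        return sock, False
    sock.recv(8)  # consume the SSLRequest we just peeked at
    if ssl_context is None:
        sock.sendall(b"N")  # server declines TLS; client decides what to do
        return sock, False
    sock.sendall(b"S")  # server accepts; TLS handshake starts right after
    return ssl_context.wrap_socket(sock, server_side=True), True


if __name__ == "__main__":
    # Constructed exchange over a local socket pair, no TLS context configured.
    client, server = socket.socketpair()
    client.sendall(SSL_REQUEST)
    _, tls = negotiate_ssl(server, None)
    print("tls enabled:", tls, "reply:", client.recv(1))
```

Because the check uses `MSG_PEEK`, a client that skips SSLRequest still has its StartupMessage delivered intact to the proxy's normal read path.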