From 2bfb5cf0cadc49a459102112bc32bde377bc68b3 Mon Sep 17 00:00:00 2001 From: Halid Elnasan Date: Thu, 25 Jun 2026 17:48:53 +0300 Subject: [PATCH] fix(postgres): honor ssl_mode in build_connection_url The sqlx-based connection path (DatabaseDriver::test_connection -> build_connection_url -> AnyConnection::connect) omitted the sslmode parameter, so sqlx defaulted to prefer and attempted TLS even when the user selected Disable. This diverged from the pool path (build_postgres_configurations), which honors ssl_mode, causing Load Databases to succeed while opening the connection failed against servers that reject the negotiated TLS (e.g. CloudNativePG forcing TLS 1.3): 'bad protocol version'. Map ssl_mode onto the libpq sslmode URL parameter, mirroring the MySQL driver, and add tests covering the disable case and the unset default. --- src-tauri/src/drivers/postgres/mod.rs | 14 ++++++++-- src-tauri/src/drivers/postgres/tests.rs | 37 +++++++++++++++++++++++++ 2 files changed, 49 insertions(+), 2 deletions(-) diff --git a/src-tauri/src/drivers/postgres/mod.rs b/src-tauri/src/drivers/postgres/mod.rs index 50ba7480..44eee4dc 100644 --- a/src-tauri/src/drivers/postgres/mod.rs +++ b/src-tauri/src/drivers/postgres/mod.rs @@ -1412,13 +1412,23 @@ impl DatabaseDriver for PostgresDriver { use urlencoding::encode; let user = encode(params.username.as_deref().unwrap_or_default()); let pass = encode(params.password.as_deref().unwrap_or_default()); + let sslmode = match params.ssl_mode.as_deref() { + Some("disable") => "disable", + Some("allow") => "allow", + Some("prefer") => "prefer", + Some("require") => "require", + Some("verify-ca") => "verify-ca", + Some("verify-full") => "verify-full", + _ => "prefer", + }; Ok(format!( - "postgres://{}:{}@{}:{}/{}", + "postgres://{}:{}@{}:{}/{}?sslmode={}", user, pass, params.host.as_deref().unwrap_or("localhost"), params.port.unwrap_or(5432), - params.database + params.database, + sslmode )) } diff --git a/src-tauri/src/drivers/postgres/tests.rs b/src-tauri/src/drivers/postgres/tests.rs index c0635746..5d7766db 100644 --- a/src-tauri/src/drivers/postgres/tests.rs +++ b/src-tauri/src/drivers/postgres/tests.rs @@ -536,3 +536,40 @@ mod build_pk_predicate_tests { assert!(build_pk_predicate("id", serde_json::json!(true), 1).is_err()); } } + +mod build_connection_url_tests { + use super::super::PostgresDriver; + use crate::drivers::driver_trait::DatabaseDriver; + use crate::models::{ConnectionParams, DatabaseSelection}; + + fn params_with_ssl_mode(ssl_mode: Option<&str>) -> ConnectionParams { + ConnectionParams { + driver: "postgres".to_string(), + host: Some("127.0.0.1".to_string()), + port: Some(5432), + username: Some("postgres".to_string()), + password: Some("secret".to_string()), + database: DatabaseSelection::Single("app".to_string()), + ssl_mode: ssl_mode.map(|s| s.to_string()), + ..Default::default() + } + } + + #[test] + fn includes_disabled_ssl_mode() { + let driver = PostgresDriver::new(); + let url = driver + .build_connection_url(¶ms_with_ssl_mode(Some("disable"))) + .unwrap(); + assert!(url.contains("sslmode=disable"), "url was: {url}"); + } + + #[test] + fn defaults_to_prefer_when_unset() { + let driver = PostgresDriver::new(); + let url = driver + .build_connection_url(¶ms_with_ssl_mode(None)) + .unwrap(); + assert!(url.contains("sslmode=prefer"), "url was: {url}"); + } +}