diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 5676e0e..a19d0b3 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -76,7 +76,7 @@ were args are one of the following:
 | Query Argument | Description | Values |
 |----------------|-------------|--------|
 | use_prepared_statements | whether to use client-side query interpolation or server-side argument binding |
  • true = (default) use server-side bindings
  • false = user client side interpolation
  • |
-| tlsmode | the ssl policy for this connection |
  • none = don't use SSL for this connection
  • server = server must support SSL, but skip verification (INSECURE!)
  • server-prefer (default) = checks for SSL/TLS server support; if unsupported, SSL/TLS is not used for this connection.
  • server-strict = server must support SSL
  • custom = use custom TLS config (Need to generate certs with `resources/tests/genCerts.sh` in advance)
  • |
+| tlsmode | the ssl policy for this connection |
  • none = don't use SSL for this connection
  • server = server must support SSL, but skip verification (INSECURE!)
  • prefer (default) = checks for SSL/TLS server support; if unsupported, SSL/TLS is not used for this connection.
  • server-strict = server must support SSL
  • custom = use custom TLS config (Need to generate certs with `resources/tests/genCerts.sh` in advance)
  • |
 | locator | host and port of the Vertica connection | (default) localhost:5433 |
 | user | Vertica user name | (default) dbadmin |
 | password | Vertica password for the connecting user | (default) (empty) |
diff --git a/README.md b/README.md
index 14de33b..9bba702 100644
--- a/README.md
+++ b/README.md
@@ -96,7 +96,7 @@ Currently supported query arguments are:
 |----------------|-------------|--------|
 | use_prepared_statements | Whether to use client-side query interpolation or server-side argument binding. | 1 = (default) use server-side bindings
    0 = user client side interpolation **(LESS SECURE)** |
 | connection_load_balance | Whether to enable connection load balancing on the client side. | 0 = (default) disable load balancing
    1 = enable load balancing |
-| tlsmode | The ssl/tls policy for this connection. |
  • 'none' = don't use SSL/TLS for this connection
  • 'server' = server must support SSL/TLS, but skip verification **(INSECURE!)**
  • 'server-prefer' (default) = checks for SSL/TLS server support; if unsupported, SSL/TLS is not used for this connection.
  • 'server-strict' = server must support SSL/TLS
  • {customName} = use custom registered `tls.Config` (see "Using custom TLS config" section below)
  • |
+| tlsmode | The ssl/tls policy for this connection. |
  • 'none' = don't use SSL/TLS for this connection
  • 'server' = server must support SSL/TLS, but skip verification **(INSECURE!)**
  • 'prefer' (default) = checks for SSL/TLS server support; if unsupported, SSL/TLS is not used for this connection.
  • 'server-strict' = server must support SSL/TLS
  • {customName} = use custom registered `tls.Config` (see "Using custom TLS config" section below)
  • |
 | backup_server_node | A list of backup hosts for the client to try to connect if the primary host is unreachable. | a comma-seperated list of backup host-port pairs. E.g.
    'host1:port1,host2:port2,host3:port3' |
 | client_label | Sets a label for the connection on the server. This value appears in the `client_label` column of the SESSIONS system table. | (default) vertica-sql-go-{version}-{pid}-{timestamp} |
 | autocommit | Controls whether the connection automatically commits transactions. | 1 = (default) on
    0 = off|
diff --git a/connection.go b/connection.go
index 7289861..0514ef3 100644
--- a/connection.go
+++ b/connection.go
@@ -59,7 +59,7 @@ var (
 const (
 tlsModeServer = "server"
- tlsModeServerPrefer = "server-prefer"
+ tlsModePrefer = "prefer"
 tlsModeServerStrict = "server-strict"
 tlsModeNone = "none"
 )
@@ -86,9 +86,9 @@ func (t *_tlsConfigs) get(name string) (*tls.Config, bool) {
 var tlsConfigs = &_tlsConfigs{m: make(map[string]*tls.Config)}
 // db, err := sql.Open("vertica", "user@tcp(localhost:3306)/test?tlsmode=custom")
-// reserved modes: 'server', 'server-prefer', 'server-strict' or 'none'
+// reserved modes: 'server', 'prefer', 'server-strict' or 'none'
 func RegisterTLSConfig(name string, config *tls.Config) error {
- if name == tlsModeServer || name == tlsModeServerPrefer || name == tlsModeServerStrict || name == tlsModeNone {
+ if name == tlsModeServer || name == tlsModePrefer || name == tlsModeServerStrict || name == tlsModeNone {
 return fmt.Errorf("config name '%s' is reserved therefore cannot be used", name)
 }
 return tlsConfigs.add(name, config)
@@ -259,8 +259,8 @@ func newConnection(connString string) (*connection, error) {
 // Read SSL/TLS flag.
 sslFlag := strings.ToLower(result.connURL.Query().Get("tlsmode"))
 if sslFlag == "" {
- // Set default to tlsModeServerPrefer
- sslFlag = tlsModeServerPrefer
+ // Set default to tlsModePrefer
+ sslFlag = tlsModeNone
 }
 // Read Workload flag
@@ -678,8 +678,8 @@ func (v *connection) initializeSSL(sslFlag string) error {
 case tlsModeServer:
 connectionLogger.Info("enabling SSL/TLS server mode")
 v.conn = tls.Client(v.conn, &tls.Config{InsecureSkipVerify: true})
- case tlsModeServerPrefer:
- connectionLogger.Info("enabling SSL/TLS server prefer mode")
+ case tlsModePrefer:
+ connectionLogger.Info("enabling SSL/TLS prefer mode")
 v.conn = tls.Client(v.conn, &tls.Config{ServerName: v.connURL.Hostname(), InsecureSkipVerify: true})
 case tlsModeServerStrict:
 connectionLogger.Info("enabling SSL/TLS server strict mode")
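Review bot: In `RegisterTLSConfig` the reserved-name check drops the old spelling `server-prefer` without leaving an alias, so that string can now be registered as a custom config name, and connection strings that still pass `tlsmode=server-prefer` no longer select a built-in mode. How `initializeSSL` treats an unrecognised mode is outside the visible hunks, so whether those callers get an error or a different TLS policy cannot be told from here. Keeping `"server-prefer"` in the reserved list and mapping it to `tlsModePrefer` when the flag is read in `newConnection` would make the rename non-breaking. The doc comment could say so: `// reserved modes: 'server', 'prefer' (formerly 'server-prefer'), 'server-strict' or 'none'`.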
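Review bot: In the `newConnection` hunk the new comment reads `// Set default to tlsModePrefer` but the assignment beneath it is `sslFlag = tlsModeNone`, so a connection string without `tlsmode` now gets no TLS at all rather than the opportunistic mode it had before. README.md and CONTRIBUTING.md in this same commit still list 'prefer' as the default, so code, comment and docs disagree on a setting that decides whether the session (presumably including authentication) is encrypted. If the rename was the only intent, the line should be `sslFlag = tlsModePrefer`. If plaintext-by-default is deliberate, the comment should say `// Default to no TLS; callers must opt in via tlsmode`, and both tables need the `(default)` marker moved to 'none'. newConnection's body continues outside the hunk.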
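Review bot: The `case tlsModePrefer:` branch in `initializeSSL` keeps `InsecureSkipVerify: true`, so the mode the docs describe as the default encrypts but never validates the server certificate. Only 'server' is marked INSECURE in the README.md and CONTRIBUTING.md tables. Since this commit already touches the mode's name, log line and documentation, a comment above the `tls.Client` call would make that explicit: `// prefer: opportunistic TLS; the server certificate is NOT verified (InsecureSkipVerify)`. The 'prefer' rows in both tables should carry the same warning as 'server'. initializeSSL starts and ends outside the hunk.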
diff --git a/driver_test.go b/driver_test.go
index db579dd..52917e4 100644
--- a/driver_test.go
+++ b/driver_test.go
@@ -201,7 +201,7 @@ func TestTLSConfiguration(t *testing.T) {
 switch *tlsMode {
 case "none":
 assertEqual(t, sslState, "None")
- case "server", "server-prefer", "server-strict":
+ case "server", "prefer", "server-strict":
 assertEqual(t, sslState, "Server")
 case "custom":
 assertEqual(t, sslState, "Mutual")
@@ -1227,7 +1227,7 @@ func TestClientOSHostnameProperty(t *testing.T) {
 var verticaUserName = flag.String("user", "dbadmin", "the user name to connect to Vertica")
 var verticaPassword = flag.String("password", os.Getenv("VERTICA_TEST_PASSWORD"), "Vertica password for this user")
 var verticaHostPort = flag.String("locator", "localhost:5433", "Vertica's host and port")
-var tlsMode = flag.String("tlsmode", "none", "SSL/TLS mode (none, server, server-prefer, server-strict, custom)")
+var tlsMode = flag.String("tlsmode", "none", "SSL/TLS mode (none, server, prefer, server-strict, custom)")
 var usePreparedStmts = flag.Bool("use_prepared_statements", true, "whether to use prepared statements for all queries/executes")
 var oauthAccessToken = flag.String("oauth_access_token", os.Getenv("VERTICA_TEST_OAUTH_ACCESS_TOKEN"), "the OAuth Access Token to connect to Vertica")