
Commit 7324560

committed
support overriding the tls host
1 parent 7bdd17b commit 7324560


2 files changed

+19
-3
lines changed


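--- a/tokio-postgres/src/config.rs
+++ b/tokio-postgres/src/config.rs
@@ -195,6 +195,7 @@ pub struct Config {
 pub(crate) target_session_attrs: TargetSessionAttrs,
 pub(crate) channel_binding: ChannelBinding,
 pub(crate) replication_mode: Option<ReplicationMode>,
+pub(crate) tls_verify_host: Option<String>,
 }
 
 impl Default for Config {
@@ -230,6 +231,7 @@ impl Config {
 target_session_attrs: TargetSessionAttrs::Any,
 channel_binding: ChannelBinding::Prefer,
 replication_mode: None,
+tls_verify_host: None,
 }
 }
 
@@ -373,6 +375,19 @@ impl Config {
 &self.host
 }
 
+/// Sets the hostname used during TLS certificate verification, if enabled.
+///
+/// This can be useful if you are connecting through an SSH tunnel.
+pub fn tls_verify_host(&mut self, host: &str) -> &mut Config {
+self.tls_verify_host = Some(host.to_string());
+self
+}
+
+/// Gets the host that has been added to the configuration with `tls_verify_host`.
+pub fn get_tls_verify_host(&self) -> Option<&str> {
+self.tls_verify_host.as_deref()
+}
+
 /// Adds a Unix socket host to the configuration.
 ///
 /// Unlike `host`, this method allows non-UTF8 paths.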
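Review bot: The doc comment on the new `tls_verify_host` setter does not say that the value replaces the connection host as the name the server certificate is checked against, which is the security-relevant effect of calling it. I would add a line such as `/// The server certificate must be valid for this name rather than for the connection host.` and note that the value should be the name the database's certificate was issued for, not something derived from untrusted input. The setter also stores an empty string as `Some("")` without rejecting it; whether the TLS backend accepts an empty verification name is not visible on this page, so the doc should at least say the value must be non-empty. `impl Config` starts and ends outside the hunk.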

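--- a/tokio-postgres/src/connect.rs
+++ b/tokio-postgres/src/connect.rs
@@ -32,11 +32,12 @@ where
 .copied()
 .unwrap_or(5432);
 
-let hostname = match host {
-Host::Tcp(host) => host.as_str(),
+let hostname = match (config.tls_verify_host.as_deref(), host) {
+(Some(tls_verify_host), Host::Tcp(_)) => tls_verify_host,
+(None, Host::Tcp(host)) => host.as_str(),
 // postgres doesn't support TLS over unix sockets, so the choice here doesn't matter
 #[cfg(unix)]
-Host::Unix(_) => "",
+(_, Host::Unix(_)) => "",
 };
 
 let tls = tls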
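Review bot: The new first arm of the `hostname` match returns the override for every `Host::Tcp` entry, so a configuration that lists several hosts (assuming this code runs once per configured host, which the hunk does not show) checks each server's certificate against the same single name. That matches the single-tunnel use case in the commit, but it is a silent widening for multi-host setups and deserves a comment above the match, for example `// tls_verify_host replaces the verified name for every TCP host, not only the first`. The enclosing function starts and ends outside the hunk, so how `hostname` reaches the TLS connector is not visible here.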
