#!/usr/bin/env node
// Replace the <...> placeholder values below (host, user, password, database), then:
// chmod +x pg-test.js
// npm install --save pg
// ./pg-test.js
// Test pg target server certificate https://www.openssl.org/docs/man1.1.1/man1/s_client.html - no client certs provided
// openssl s_client -starttls postgres -connect <dns>:5432 -verify_return_error
const fs = require('fs');
const { Client } = require('pg');
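// Connection settings: replace every <placeholder> before running.
// Use a throwaway account on a test database. The 'disable' run below talks to
// the server without TLS, so the session (and, depending on the server's
// authentication method, the password) is visible on the network path.
const pgServerHostDns = '<host_dns_target_with_letsencrypt_certificate>';
const pgUsername = '<pg_user>';
const pgPassword = '<pg_password>';
const pgDatabase = '<pg_database>';

/**
 * One pending connection attempt per sslmode. Each promise fulfils with
 * "mode <sslmode> - OK" when the client connects and rejects with an Error
 * "mode <sslmode> - FAIL" otherwise; the client is closed in both cases.
 *
 * NOTE(review): node-postgres does not necessarily give these modes the meaning
 * libpq gives them. Whether 'require' validates the certificate chain and the
 * host name depends on the installed pg / pg-connection-string version, so
 * confirm that before reading a successful 'require' run as proof that the
 * certificate was (or was not) verified.
 */
const sslTests = [
  'disable',
  'require',
  // 'verify-ca',
  // 'verify-full',
]
  .map((sslMode) => {
    // The original URL had an empty host ("@:5432") and never used
    // pgServerHostDns, so the attempts did not target the configured server.
    // Credentials are percent-encoded so characters such as '@', ':' or '/'
    // in them cannot change how the URL is parsed.
    const credentials = `${encodeURIComponent(pgUsername)}:${encodeURIComponent(pgPassword)}`;
    const pgUrl = `postgres://${credentials}@${pgServerHostDns}:5432/${pgDatabase}?sslmode=${sslMode}`;
    return { mode: sslMode, connectionConfig: { connectionString: pgUrl } };

    // To pin the root certificate explicitly (it should already be trusted by
    // most systems):
    //   curl https://letsencrypt.org/certs/isrg-root-x1-cross-signed.pem > root.pem
    // Beware! The ssl object is overwritten when parsing the connectionString,
    // so an `ssl` option passed next to it as below may be ignored.
    // NOTE(review): Node's TLS options take the trusted root as `ca` in PEM form;
    // the `sslroot` key used in the original sketch is not a TLS option and the
    // DER conversion (openssl x509 -outform der) is not needed. Confirm against
    // the pg version in use.
    // return { mode: sslMode, connectionConfig: { connectionString: pgUrl, ssl: { rejectUnauthorized: true, ca: fs.readFileSync('root.pem', 'utf8') } } };
  })
  .map((testConfig) => {
    const client = new Client(testConfig.connectionConfig);
    return client
      .connect()
      .then(() => {
        console.log(`connected with sslmode=${testConfig.mode}`);
        return `mode ${testConfig.mode} - OK`;
      })
      .catch((err) => {
        console.error(`connection error with sslmode ${testConfig.mode}`, err.stack);
        throw new Error(`mode ${testConfig.mode} - FAIL`);
      })
      // Always release the socket, whether or not the connection succeeded.
      .finally(() => client.end());
  });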
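// Promise.allSettled never rejects, so reaching this callback only means every
// attempt finished, not that every connection succeeded. Report each outcome
// instead of a blanket "success" message. A failed 'disable' attempt is the
// expected result when the server refuses non-TLS connections.
Promise.allSettled(sslTests).then((results) => {
  const summary = results.map((result) =>
    result.status === 'fulfilled' ? result.value : result.reason.message,
  );
  const failedCount = results.filter(({ status }) => status === 'rejected').length;
  console.log(
    `all tests completed: ${results.length - failedCount} connected, ${failedCount} failed`,
    summary,
  );
});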