Conversation
hgiasac
approved these changes
Feb 2, 2026
Lower GraphQL interface and union output types into tagged-variant NDC object types with __typename and nullable on_<ConcreteType> fields. Adds validation for unsupported polymorphic schemas. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Self-hosted customers often use organization-signed certificates which are not supported when using
rustls-tls(unlikenative-tlswhich picks up system SSL environment variables). This change adds support for custom CA certificates and optionally disabling TLS verification entirely.We read these environment variables directly from the OS rather than through connector configuration, as TLS settings are primarily an infrastructure concern.
Environment Variables
GRAPHQL_CA_CERT_FILEGRAPHQL_CA_CERT_DIR.pem,.crt,.cer)GRAPHQL_INSECURE_SKIP_TLS_VERIFYtrueor1to disable TLS verification (dangerous, for dev/testing only)Notes:
GRAPHQL_CA_CERT_FILEandGRAPHQL_CA_CERT_DIRcan be used together (certificates are combined)GRAPHQL_INSECURE_SKIP_TLS_VERIFYtakes precedence and skips all CA cert logic when enabledChanges
rustls-pemfiledependency for parsing PEM certificatestracingdependency for logging certificate loading info/warningsget_http_client()to configure TLS based on environment variables