Fix SSL direct mode connection failure with sslsni parameter

[jhf]

🚨 Impact

SSL direct mode is completely broken when using the sslsni parameter with PostgreSQL 14+ servers. Connections fail with SSL error: unexpected eof while reading.

This affects any user attempting to use PGSSLSNI=1 (Server Name Indication) with direct SSL negotiation mode.

Summary

Fixes the sslsni connection parameter handling by converting boolean values to integers before passing to libpq.

Problem

The sslsni parameter is stored as a boolean (true/false) in the UI and database, but libpq requires integer values (1/0) for this parameter. When a boolean value is passed to libpq, it results in SSL connection failures.

Error:

connection to server at "host", port 5432 failed: SSL error: unexpected eof while reading

Solution

Added boolean-to-integer conversion in web/pgadmin/utils/driver/psycopg3/server_manager.py when creating the connection string. This ensures libpq receives the expected integer format.

The conversion happens in create_connection_string() method, right before parameters are passed to make_conninfo():

# Convert boolean connection parameters to integer for libpq compatibility
if key in ('sslcompression', 'sslsni'):
    value = 1 if value else 0

Changes

• Modified: web/pgadmin/utils/driver/psycopg3/server_manager.py (+4 lines)
• Converts boolean connection parameters to integers when building the connection string
• Handles both sslcompression and sslsni parameters consistently

Testing

✅ Tested locally with pgAdmin 4 v9.11 on macOS
✅ Verified connection succeeds with PGSSLSNI=1 after fix
✅ Applied as hotfix and confirmed working in production environment

Test case:

• PostgreSQL 14+ server requiring SNI
• Connection parameters: sslmode=require, sslnegotiation=direct, sslsni=1
• Result: Connection succeeds ✓

Related

• Affects PostgreSQL 14+ servers (sslsni requires min_server_version: '14')
• Aligns with libpq's expectation of integer values for boolean SSL parameters
• Low risk change: 4 lines, narrow scope, well-tested

Request for Expedited Review

This is a minimal, critical fix (4 lines) that unblocks SSL direct mode functionality. Given the severity and low risk, requesting inclusion in pgAdmin 9.12.

---

Summary by CodeRabbit

• Bug Fixes
  • Fixed SSL compression and SNI parameter handling for PostgreSQL connections using the psycopg3 driver.

[coderabbitai]

Walkthrough

The change adds runtime conversion of two boolean connection parameters (sslcompression and sslsni) to integers (1 for True, 0 for False) during DSN construction in the psycopg3 server manager, addressing type compatibility requirements of the psycopg3 driver.

Changes

Cohort / File(s)	Summary
Boolean parameter conversion for psycopg3 DSN web/pgadmin/utils/driver/psycopg3/server_manager.py	Converts boolean values for sslcompression and sslsni parameters to integers within create_connection_string method during DSN argument building

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

• akshay-joshi

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The title focuses on 'SSL direct mode connection failure' but the PR objective clarifies the core issue is boolean-to-integer conversion of the sslsni parameter for libpq compatibility, not specifically a 'direct mode' failure.	Consider revising the title to more directly reference the root cause: boolean-to-integer conversion for sslsni parameter (e.g., 'Convert sslsni boolean parameter to integer for libpq compatibility').

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 74c8b2d and 57cc6e1.

📒 Files selected for processing (1)

• web/pgadmin/browser/server_groups/servers/__init__.py

[rsbssbno]

would be supernice to get this fix !