feat: Add support for 'verify-ca' and 'verify-full' TLS modes (denodrivers#397)

Author: Soremwar

connection/connection_params.ts

@@ -50,7 +50,13 @@ export interface ConnectionOptions {
   attempts: number;
 }
 
-type TLSModes = "disable" | "prefer" | "require";
+/** https://www.postgresql.org/docs/14/libpq-ssl.html#LIBPQ-SSL-PROTECTION */
+type TLSModes =
+  | "disable"
+  | "prefer"
+  | "require"
+  | "verify-ca"
+  | "verify-full";
 
 // TODO
 // Refactor enabled and enforce into one single option for 1.0
@@ -261,13 +267,15 @@ function parseOptionsFromUri(connection_string: string): ClientOptions {
       tls = { enabled: true, enforce: false, caCertificates: [] };
       break;
     }
-    case "require": {
+    case "require":
+    case "verify-ca":
+    case "verify-full": {
       tls = { enabled: true, enforce: true, caCertificates: [] };
       break;
     }
     default: {
       throw new ConnectionParamsError(
-        `Supplied DSN has invalid sslmode '${postgres_uri.sslmode}'. Only 'disable', 'require', and 'prefer' are supported`,
+        `Supplied DSN has invalid sslmode '${postgres_uri.sslmode}'`,
       );
     }
   }

docs/README.md

@@ -116,11 +116,14 @@ of search parameters such as the following:
   values for connection (ej: options=--cluster=your_cluster_name)
 - sslmode: Allows you to specify the tls configuration for your client, the
   allowed values are the following:
-  - disable: Skip TLS connection altogether
-  - prefer: Attempt to stablish a TLS connection, default to unencrypted if the
-    negotiation fails
+
+  - verify-full: Same behaviour as `require`
+  - verify-ca: Same behaviour as `require`
   - require: Attempt to stablish a TLS connection, abort the connection if the
     negotiation fails
+  - prefer: Attempt to stablish a TLS connection, default to unencrypted if the
+    negotiation fails
+  - disable: Skip TLS connection altogether
 - user: If user is not specified in the url, this will be taken instead
 
 #### Password encoding

tests/connection_params_test.ts

@@ -242,10 +242,10 @@ Deno.test("Throws on connection string with invalid ssl mode", function () {
   assertThrows(
     () =>
       createParams(
-        "postgres://some_user@some_host:10101/deno_postgres?sslmode=verify-full",
+        "postgres://some_user@some_host:10101/deno_postgres?sslmode=invalid",
       ),
     ConnectionParamsError,
-    "Supplied DSN has invalid sslmode 'verify-full'. Only 'disable', 'require', and 'prefer' are supported",
+    "Supplied DSN has invalid sslmode 'invalid'",
   );
 });