From 476a067677f7003a3765f806778e7915403266d2 Mon Sep 17 00:00:00 2001 From: Dijana Pavlovic Date: Fri, 30 Aug 2024 16:07:16 +0200 Subject: [PATCH 1/2] Fix few typos & add SNI in connection docs --- docs/reference/connection.rst | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/docs/reference/connection.rst b/docs/reference/connection.rst index ea717c9eab1..e58899509eb 100644 --- a/docs/reference/connection.rst +++ b/docs/reference/connection.rst @@ -205,14 +205,14 @@ for production), or rely on ``edgedb project`` (recommended for development). such, explicitly provided parameters are given the highest priority. In the context of the client libraries, this means passing an option - explicitly into the ``connect`` call. Here's how this looks using the + explicitly into the ``client creation`` call. Here's how this looks using the JavaScript library: .. code-block:: javascript import * as edgedb from "edgedb"; - const pool = await edgedb.connect({ + const pool = await edgedb.createClient({ instance: "my_instance" }); @@ -318,6 +318,8 @@ instance-level configuration object. - ``--password `` * - ``EDGEDB_TLS_CA_FILE`` - ``--tls-ca-file `` + * - ``EDGEDB_TLS_SERVER_NAME`` + - ``--tls-server-name`` * - ``EDGEDB_CLIENT_TLS_SECURITY`` - ``--tls-security`` * - ``EDGEDB_CLIENT_SECURITY`` @@ -373,6 +375,11 @@ instance-level configuration object. and provide a path to its location on the filesystem. Otherwise TLS will fail to connect. +**EDGEDB_TLS_SERVER_NAME** + Sometimes the target instance address cannot be resolved correctly + from a hostname. In those cases it is required to provide SNI for proper TLS + verification. It is also required for tenant selection in a multi-tenant environment. + **EDGEDB_CLIENT_TLS_SECURITY** Sets the TLS security mode. Determines whether certificate and hostname verification is enabled. Possible values: @@ -380,7 +387,7 @@ instance-level configuration object. - ``"strict"`` (**default**) — certificates and hostnames will be verified - ``"no_host_verification"`` — verify certificates but not hostnames - ``"insecure"`` — client libraries will trust self-signed TLS certificates. - useful for self-signed or custom certificates. + Useful for self-signed or custom certificates. This setting defaults to ``"strict"`` unless a custom certificate is supplied, in which case it is set to ``"no_host_verification"``. @@ -419,7 +426,7 @@ modified DSN: ``edgedb://newuser:newpass@hostname.com:5656``. Overriding across priority levels ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -This override behavior only happens *same or lower priority level*. For +Override behavior can only happen at the *same or lower priority level*. For instance: - ``EDGEDB_PASSWORD`` **will** override the password specified in From 8055636008f5c6cd63b44497267de612c38eeec6 Mon Sep 17 00:00:00 2001 From: Dijana Pavlovic Date: Tue, 3 Sep 2024 12:31:25 +0200 Subject: [PATCH 2/2] Update connections SNI docs --- docs/reference/connection.rst | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/docs/reference/connection.rst b/docs/reference/connection.rst index e58899509eb..65383c0cdbc 100644 --- a/docs/reference/connection.rst +++ b/docs/reference/connection.rst @@ -318,8 +318,6 @@ instance-level configuration object. - ``--password `` * - ``EDGEDB_TLS_CA_FILE`` - ``--tls-ca-file `` - * - ``EDGEDB_TLS_SERVER_NAME`` - - ``--tls-server-name`` * - ``EDGEDB_CLIENT_TLS_SECURITY`` - ``--tls-security`` * - ``EDGEDB_CLIENT_SECURITY`` @@ -345,6 +343,8 @@ instance-level configuration object. - ``--password `` * - ``EDGEDB_TLS_CA_FILE`` - ``--tls-ca-file `` + * - ``EDGEDB_TLS_SERVER_NAME`` + - ``--tls-server-name`` * - ``EDGEDB_CLIENT_TLS_SECURITY`` - ``--tls-security`` * - ``EDGEDB_CLIENT_SECURITY`` @@ -375,10 +375,9 @@ instance-level configuration object. and provide a path to its location on the filesystem. Otherwise TLS will fail to connect. -**EDGEDB_TLS_SERVER_NAME** - Sometimes the target instance address cannot be resolved correctly - from a hostname. In those cases it is required to provide SNI for proper TLS - verification. It is also required for tenant selection in a multi-tenant environment. +**EDGEDB_TLS_SERVER_NAME (SNI)** + If for some reason target instance IP address can't be resolved from the + hostname, you can provide SNI. **EDGEDB_CLIENT_TLS_SECURITY** Sets the TLS security mode. Determines whether certificate and hostname