Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Connection option "trustServerCertificate" seems broken/not supported #946

Closed
brantz opened this issue Sep 10, 2021 · 3 comments
Closed

Connection option "trustServerCertificate" seems broken/not supported #946

brantz opened this issue Sep 10, 2021 · 3 comments

Comments

@brantz
Copy link

brantz commented Sep 10, 2021

activerecord-sqlserver-adapter (6.1.0.0)
tiny_tds (2.1.5)

I am trying to set the connection option trustServerCertificate but it seems i can't get it to work.

I have tried adding the option as a query parameter to DATABASE_URL, like so:

sqlserver://<user>:<pwd>@<host>:<port>/<db_name>?trust_server_certificate=true

That didn't work so i tried various spellings of trustServerCertificate like trust_server_certificate or trustservercertificate.

Neither had done the trick, they simply seem to be ignored.

Then i found https://github.com/rails-sqlserver/activerecord-sqlserver-adapter#configure-connection and tried setting it via an rails initializer like so:

module ActiveRecord
  module ConnectionAdapters
    class SQLServerAdapter < AbstractAdapter
      def configure_connection
        raw_connection_do "SET TRUST_SERVER_CERTIFICATE ON"
      end
    end
  end
end

This resulted in TinyTds::Error: 'TRUST_SERVER_CERTIFICATE' is not a recognized SET option.

Well, it was worth a shot ;)

Documentations for both TinyTds & AR sqlserver adatper do not mention mention anything about that connection option.

Any help on this would be greatly appreciated :)
@wpolicarpo
Copy link
Member

Sorry, I haven't heard about that config before. Isn't that option only for the jdbc driver?

I didn't find any mentions in freetds for that option so I don't think you will be able to use here.

@gucki
Copy link

gucki commented Sep 15, 2021
edited
Loading

There's an "indirect" option (set "ca file" to an empty value, which is the default btw) for it in the config file of freetds: https://www.freetds.org/userguide/freetdsconf.html. But it doesn't seem like https://github.com/rails-sqlserver/tiny_tds supports setting the options on the fly. So I just created rails-sqlserver/tiny_tds#504.

@brantz
Copy link
Author

brantz commented Sep 15, 2021
edited
Loading

Thanks, @wpolicarpo for your input, it pointed me to the right direction. Some digging into the FreeTds config options showed that, as @gucki pointed out, the default behavior is to accept any server certificate. Indeed our issues turned out to be related to our firewall and not to the handling of the certificate. Thanks @gucki for opening that issue on tiny_tds, more config options would be a nice thing to have :)

@brantz brantz closed this as completed Sep 15, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gucki @brantz @wpolicarpo