Railway, 8mo ago
LHelge

Postgres service X.509 certificate version

Hi all, I'm building a Rust app using SQLx and PostgreSQL as backend and have trouble getting it to work with the rustls backend. It works fine with native-tls using openssl behind the scenes, but it seems to be preferred to use the Rust-native TLS implementation. The error I get from rustls is:
error: InvalidCertificate(Other(UnsupportedCertVersion))
The following dependencies in Cargo.toml:
sqlx = { version = "0.7.2", features = ["runtime-tokio", "postgres", "tls-native-tls"] } # Works!
sqlx = { version = "0.7.2", features = ["runtime-tokio", "postgres", "tls-rustls"] } # Does not work
After some digging, it seems that rustls only supports X.509 certificates of version 3, while it seems that the standard Railway Postgres service uses an X.509 certificate with version 1. Is there any way of changing this?
openssl s_client -starttls postgres -connect postgres.proxy.rlwy.net:5432 </dev/null 2>/dev/null | openssl x509 -inform pem -text | grep Version
--> Version: 1 (0x0)
This specific database is hosted in project 2de6c365-d738-444e-a12a-37a59bc8df1c but I've seen the same in other projects as well.
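The version check from the post above, done directly on DER bytes (added example, not part of the original post and not rustls or SQLx code). A version 1 certificate omits the version field in DER, which is why openssl prints "Version: 1 (0x0)"; the function names and the two sample byte strings are constructed for illustration.

```rust
// Added example: read the X.509 version from DER, e.g. from `openssl x509 -outform der`.
// Constructed inputs: only the leading fields of a certificate, not real certificates.
const V1_SAMPLE: [u8; 7] = [0x30, 0x05, 0x30, 0x03, 0x02, 0x01, 0x01];
const V3_SAMPLE: [u8; 12] = [0x30, 0x0a, 0x30, 0x08, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x01];

/// Split one DER TLV off the front of `buf`: (tag, content, remainder).
fn read_tlv(buf: &[u8]) -> Result<(u8, &[u8], &[u8]), String> {
    let (&tag, rest) = buf.split_first().ok_or("truncated: no tag")?;
    let (&first, rest) = rest.split_first().ok_or("truncated: no length")?;
    let (len, rest) = if first & 0x80 == 0 {
        (first as usize, rest) // short form: the byte is the length
    } else {
        let n = (first & 0x7f) as usize; // long form: next n bytes are the length
        if n == 0 || n > 4 || rest.len() < n {
            return Err("unsupported or truncated length".into());
        }
        (rest[..n].iter().fold(0usize, |acc, &b| (acc << 8) | b as usize), &rest[n..])
    };
    if rest.len() < len {
        return Err("content shorter than declared length".into());
    }
    Ok((tag, &rest[..len], &rest[len..]))
}

/// X.509 version (1, 2 or 3) of a DER-encoded certificate; nothing else is validated.
fn cert_version(der: &[u8]) -> Result<u32, String> {
    let (t1, cert, _) = read_tlv(der)?; // Certificate ::= SEQUENCE
    let (t2, tbs, _) = read_tlv(cert)?; // TBSCertificate ::= SEQUENCE
    if t1 != 0x30 || t2 != 0x30 { return Err("not a DER certificate".into()); }
    let (tag, body, _) = read_tlv(tbs)?;
    match tag {
        // version is [0] EXPLICIT INTEGER DEFAULT v1. A v1 certificate omits it,
        // so the first field is already the serialNumber INTEGER.
        0x02 => Ok(1),
        0xa0 => match read_tlv(body)? {
            (0x02, v, _) if v.len() == 1 && v[0] <= 2 => Ok(v[0] as u32 + 1),
            _ => Err("malformed version field".into()),
        },
        _ => Err("unexpected first field in TBSCertificate".into()),
    }
}

fn main() {
    for (name, der) in [("v1 sample", &V1_SAMPLE[..]), ("v3 sample", &V3_SAMPLE[..])] {
        println!("{}: {:?}", name, cert_version(der));
    }
}
```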
2 Replies
Percy, 8mo ago
Project ID: 2de6c365-d738-444e-a12a-37a59bc8df1c
Brody, 8mo ago
> it seems that the standard Railway Postgres service uses an X.509 certificate with version 1. Is there any way of changing this?
you can fork their repo, modify it as you see fit, and deploy your own postgres database, or disable external access (remove the tcp proxy) and connect to the database exclusively over the private network so you don't have to worry about using tls