LHelge
LHelge
PostsComments
RRailway
Created by LHelge on 11/13/2023 in #✋|help
Postgres service X.509 certificate version
Hi all, I'm building a Rust app using SQLX and PostgreSQL as backend and have trouble getting it to work with rustls backend. It works find with native-tls using openssl behind the scenes, but it seems to be prefered using the rust native TLS implementation. The error I get from rustls is: error: InvalidCertificate(Other(UnsupportedCertVersion)) The following dependencies in Cargo.toml 
sqlx = { version = "0.7.2", features = ["runtime-tokio", "postgres", "tls-native-tls"] } # Works!
sqlx = { version = "0.7.2", features = ["runtime-tokio", "postgres", "tls-rustls"] } # Does not work
sqlx = { version = "0.7.2", features = ["runtime-tokio", "postgres", "tls-native-tls"] } # Works!
sqlx = { version = "0.7.2", features = ["runtime-tokio", "postgres", "tls-rustls"] } # Does not work
After some digging, it seems that rustls only support X.509 certificates of version 3, while it seems that the standard Railway Postgres-service use a X.509 certificate with version 1, is there any way of changing this? 
openssl s_client -starttls postgres -connect postgres.proxy.rlwy.net:5432 </dev/null 2>/dev/null | openssl x509 -inform pem -text | grep Version
    -->    Version: 1 (0x0)
openssl s_client -starttls postgres -connect postgres.proxy.rlwy.net:5432 </dev/null 2>/dev/null | openssl x509 -inform pem -text | grep Version
    -->    Version: 1 (0x0)
This specific database is hosted in project 2de6c365-d738-444e-a12a-37a59bc8df1c but I've seen the same in other projects as well.
4 replies