PostgreSQL on Rails 3.2 not honoring sslmode

1
votes

I have a Rails 3.2 app using an Amazon RDS PostgreSQL database. I want the app to connect to the database over SSL. My database.yml looks like this:

development:
  adapter: postgresql
  encoding: utf8
  database: xxx
  host: xxx.rds.amazonaws.com
  port: 1234
  sslmode: verify-full
  sslrootcert: <%= Rails.root %>/config/rds-combined-ca-bundle.pem
  username: xxx
  password: xxx

The sslrootcert is the public key downloaded from http://s3.amazonaws.com/rds-downloads/rds-combined-ca-bundle.pem (see http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_PostgreSQL.html#PostgreSQL.Concepts.General.SSL)

The problem I am having is that sslmode verify-full does not seem to be working. I can change sslrootcert to /blah.pem and my database still connects and my Rails app functions. What am I missing?

1
ruby-on-railspostgresqlsslamazon-web-services

1 Answers

0
votes

I'm not sure, and haven't tested, but...

This actually is a feature of the underlying libpq library and all of Rails, ActiveRecord and the pg gem itself (AFAIK) just pass those settings through. So you may be able to get the behavior you're after by upgrading libpq. It looks like it was introduced in version 8.4