From f41e1e9ad1b35aba3caf3724e41a75466c744262 Mon Sep 17 00:00:00 2001 From: Benjie Gillam Date: Thu, 10 Sep 2020 17:45:20 +0100 Subject: [PATCH 1/3] Add support for ?sslmode connection string param --- packages/pg-connection-string/index.js | 19 +++++++++ packages/pg-connection-string/test/parse.js | 46 +++++++++++++++++++++ 2 files changed, 65 insertions(+) diff --git a/packages/pg-connection-string/index.js b/packages/pg-connection-string/index.js index 65951c374..c07b146a9 100644 --- a/packages/pg-connection-string/index.js +++ b/packages/pg-connection-string/index.js @@ -81,6 +81,25 @@ function parse(str) { config.ssl.ca = fs.readFileSync(config.sslrootcert).toString() } + switch (config.sslmode) { + case 'disable': { + config.ssl = false + break + } + case 'prefer': + case 'require': + case 'verify-ca': + case 'verify-full': { + config.ssl = config.ssl || true + break + } + case 'no-verify': { + config.ssl = config.ssl || {} + config.ssl.rejectUnauthorized = false + break + } + } + return config } diff --git a/packages/pg-connection-string/test/parse.js b/packages/pg-connection-string/test/parse.js index 035b025d1..9a88f1d09 100644 --- a/packages/pg-connection-string/test/parse.js +++ b/packages/pg-connection-string/test/parse.js 
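Review bot: The `disable` branch assigns `config.ssl = false` unconditionally, while the other branches keep an existing value with `config.ssl || ...`, so a string that carries both `sslrootcert=...` (or another ssl option) and `sslmode=disable` ends up requesting no TLS at all. If that precedence is intended, it should be stated where it happens, e.g. `// sslmode=disable overrides every other ssl* parameter: the connection will not use TLS`. The `no-verify` branch deserves the same treatment, since `rejectUnauthorized = false` leaves the server certificate unchecked: `// no-verify: TLS without certificate validation, the server is not authenticated`. The body of `parse` starts and ends outside this hunk, so how `config.ssl` is populated before the switch is inferred from the context lines only.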
@@ -241,6 +241,52 @@ describe('parse', function () { }) }) + it('configuration parameter sslmode=no-verify', function () { + var connectionString = 'pg:///?sslmode=no-verify' + var subject = parse(connectionString) + subject.ssl.should.eql({ + rejectUnauthorized: false, + }) + }) + + it('configuration parameter sslmode=disable', function () { + var connectionString = 'pg:///?sslmode=disable' + var subject = parse(connectionString) + subject.ssl.should.eql(false) + }) + + it('configuration parameter sslmode=prefer', function () { + var connectionString = 'pg:///?sslmode=prefer' + var subject = parse(connectionString) + subject.ssl.should.eql(true) + }) + + it('configuration parameter sslmode=require', function () { + var connectionString = 'pg:///?sslmode=require' + var subject = parse(connectionString) + subject.ssl.should.eql(true) + }) + + it('configuration parameter sslmode=verify-ca', function () { + var connectionString = 'pg:///?sslmode=verify-ca' + var subject = parse(connectionString) + subject.ssl.should.eql(true) + }) + + it('configuration parameter sslmode=verify-full', function () { + var connectionString = 'pg:///?sslmode=verify-full' + var subject = parse(connectionString) + subject.ssl.should.eql(true) + }) + + it("configuration parameter sslmode=require doesn't overwrite sslrootcert=/path/to/ca", function () { + var connectionString = 'pg:///?sslrootcert=' + __dirname + '/example.ca&sslmode=require' + var subject = parse(connectionString) + subject.ssl.should.eql({ + ca: 'example ca\n', + }) + }) + it('allow other params like max, ...', function () { var subject = parse('pg://myhost/db?max=18&min=4') subject.max.should.equal('18') From 847a0b49ff6ae8b695779ffe9b2b838c4864956c Mon Sep 17 00:00:00 2001 
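Review bot: Every new test passes a recognised mode, so nothing pins what `parse` returns for a value the switch does not list; the switch in this patch has no `default:` branch, so such a value appears to leave `config.ssl` as it was. A misspelled mode in a deployment URL is the realistic case, and with no other ssl parameter it would presumably yield a config that never asks for TLS. I would add a test with a constructed bad value, e.g. `parse('pg:///?sslmode=verify_full')`, and assert the outcome the project wants (an error, or a TLS-enabled config), so that the behaviour is a decision rather than an accident.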
From: Benjie Gillam Date: Thu, 10 Sep 2020 18:31:40 +0100 Subject: [PATCH 2/3] Solve issues caused by config.ssl = true --- packages/pg-connection-string/index.js | 4 +--- packages/pg-connection-string/test/parse.js | 8 ++++---- 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/packages/pg-connection-string/index.js b/packages/pg-connection-string/index.js index c07b146a9..995ff0684 100644 --- a/packages/pg-connection-string/index.js +++ b/packages/pg-connection-string/index.js @@ -65,7 +65,7 @@ function parse(str) { config.ssl = false } - if (config.sslcert || config.sslkey || config.sslrootcert) { + if (config.sslcert || config.sslkey || config.sslrootcert || config.sslmode) { config.ssl = {} } @@ -90,11 +90,9 @@ function parse(str) { case 'require': case 'verify-ca': case 'verify-full': { - config.ssl = config.ssl || true break } case 'no-verify': { - config.ssl = config.ssl || {} config.ssl.rejectUnauthorized = false break } diff --git a/packages/pg-connection-string/test/parse.js b/packages/pg-connection-string/test/parse.js index 9a88f1d09..910d26f7e 100644 --- a/packages/pg-connection-string/test/parse.js +++ b/packages/pg-connection-string/test/parse.js 
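Review bot: Adding `config.sslmode` to this condition is a truthiness test, so any non-empty value, listed in the switch below or not, now replaces `config.ssl` with `{}`, including the `false` that the preceding block can assign. That makes unlisted modes fail towards TLS, which is the safer direction, but nothing on the line says so. Suggested comment: `// any non-empty sslmode enables TLS here; only 'disable' and 'no-verify' alter it in the switch below`. The surrounding `parse` body is outside the hunk.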
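Review bot: With the assignment removed, the `prefer` / `require` / `verify-ca` / `verify-full` group is a bare `break`, so all four modes (and any unlisted one) produce the same `config.ssl` object, and the level of certificate checking is whatever the consumer of this config applies to `{}` by default. A caller who writes `verify-full` cannot tell from this code whether hostname verification is on, and one who writes `prefer` presumably gets no plaintext fallback. I would keep the case labels but say so in a comment, e.g. `// these modes are not distinguished: all use the TLS defaults of the client`. Note also that `config.ssl.rejectUnauthorized = false` in `no-verify` now relies on the earlier `if (... || config.sslmode)` having created the object.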
@@ -258,25 +258,25 @@ describe('parse', function () { it('configuration parameter sslmode=prefer', function () { var connectionString = 'pg:///?sslmode=prefer' var subject = parse(connectionString) - subject.ssl.should.eql(true) + subject.ssl.should.eql({}) }) it('configuration parameter sslmode=require', function () { var connectionString = 'pg:///?sslmode=require' var subject = parse(connectionString) - subject.ssl.should.eql(true) + subject.ssl.should.eql({}) }) it('configuration parameter sslmode=verify-ca', function () { var connectionString = 'pg:///?sslmode=verify-ca' var subject = parse(connectionString) - subject.ssl.should.eql(true) + subject.ssl.should.eql({}) }) it('configuration parameter sslmode=verify-full', function () { var connectionString = 'pg:///?sslmode=verify-full' var subject = parse(connectionString) - subject.ssl.should.eql(true) + subject.ssl.should.eql({}) }) it("configuration parameter sslmode=require doesn't overwrite sslrootcert=/path/to/ca", function () { From d410a3d270795838f724cfb09875302c6fa79ca1 Mon Sep 17 00:00:00 2001 From: Benjie Gillam Date: Thu, 17 Sep 2020 08:40:45 +0100 Subject: [PATCH 3/3] Add ssl=true into the test --- packages/pg-connection-string/test/parse.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/pg-connection-string/test/parse.js b/packages/pg-connection-string/test/parse.js index 910d26f7e..a0cd26385 100644 --- a/packages/pg-connection-string/test/parse.js +++ b/packages/pg-connection-string/test/parse.js 
@@ -279,8 +279,8 @@ describe('parse', function () { subject.ssl.should.eql({}) }) - it("configuration parameter sslmode=require doesn't overwrite sslrootcert=/path/to/ca", function () { - var connectionString = 'pg:///?sslrootcert=' + __dirname + '/example.ca&sslmode=require' + it('configuration parameter ssl=true and sslmode=require still work with sslrootcert=/path/to/ca', function () { + var connectionString = 'pg:///?ssl=true&sslrootcert=' + __dirname + '/example.ca&sslmode=require' var subject = parse(connectionString) subject.ssl.should.eql({ ca: 'example ca\n',
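Review bot: `ssl=true` is now exercised only together with `sslmode=require`; the two modes that actually change `config.ssl` in the switch, `disable` and `no-verify`, are still tested without it. Going by the subject of patch 2, a boolean `config.ssl` was the source of the earlier problem, so `'pg:///?ssl=true&sslmode=no-verify'` (presumably expecting `{ rejectUnauthorized: false }`) and `'pg:///?ssl=true&sslmode=disable'` (presumably expecting `false`) would be the regression tests to add. The test body continues past the end of this hunk.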