jaltaire
jaltaire
Explore posts from servers
CDCloudflare DevelopersSShuttle
PostsComments
CDCloudflare Developers
Created by jaltaire on 5/8/2025 in #workers-help
Direct connection to Postgres DB with SSL enabled (for Rust worker)?
I am trying to connect directly (without Hyperdrive) to my Postgres DB (hosted on Supabase) via a Rust worker using tokio-postgres, as follows: 
let conn_str = env.secret("DB_CONN_STR");
let config = tokio_postgres::Config::from_str(conn_str)?;

let host = match config.get_hosts().first().unwrap() {
    Host::Tcp(host_str) => Ok(host_str),
    _ => Err(eyre!("Host platform not supported!")),
}?;
let port = config.get_ports().first().unwrap();

let socket = Socket::builder()
    .secure_transport(SecureTransport::StartTls)
    .connect(host, *port)?;

let (client, connection) = config.connect_raw(socket, PassthroughTls).await?;
let conn_str = env.secret("DB_CONN_STR");
let config = tokio_postgres::Config::from_str(conn_str)?;

let host = match config.get_hosts().first().unwrap() {
    Host::Tcp(host_str) => Ok(host_str),
    _ => Err(eyre!("Host platform not supported!")),
}?;
let port = config.get_ports().first().unwrap();

let socket = Socket::builder()
    .secure_transport(SecureTransport::StartTls)
    .connect(host, *port)?;

let (client, connection) = config.connect_raw(socket, PassthroughTls).await?;
This only seems to work, however, if I add sslmode=disable to my DB_CONN_STR. If sslmode=require, then I get: Error: TLS Handshake Failed. If sslmode=require and I change SecureTransport::StartTls to SecureTransport::On, then I get: Error: Stream was cancelled. What am I missing here that I need to change? Possibly replacing PassthroughTls with some other struct/impl?
1 replies