[英]PostgreSQL pq Open not successful: x509: certificate signed by unknown authority
此代碼有什么問題?
http://godoc.org/github.com/lib/pq
* dbname - The name of the database to connect to
* user - The user to sign in as
* password - The user's password
* host - The host to connect to. Values that start with / are for unix domain sockets. (default is localhost)
* port - The port to bind to. (default is 5432)
* sslmode - Whether or not to use SSL (default is require, this is not the default for libpq)
* fallback_application_name - An application_name to fall back to if one isn't provided.
* connect_timeout - Maximum wait for connection, in seconds. Zero or not specified means wait indefinitely.
因此,我只鍵入以下內容,並期望看到與PostgreSQL連接的成功連接,但似乎無法正常工作。 語法是否有問題,因為sql.Open的語法與我用於MySQL的語法不同。
"dbname=%s user=%s password=%s host=%s port=%s sslmode=%s connect_timeout=%s"
並且此代碼的錯誤消息是x509: certificate signed by unknown authority
package main
import (
"database/sql"
"fmt"
"log"
"os"
_ "github.com/lib/pq"
)
func main() {
db := Get()
defer db.Close()
err := db.Ping()
if err == nil {
log.Fatalln("db.Ping is successful!")
} else {
log.Fatalln(err)
}
}
func Get() *sql.DB {
const (
AWS_DB = "mydb"
AWS_USER = "rootuser"
AWS_PASS = "1234"
AWS_HOST = "redshift.amazonaws.com"
AWS_PORT = "5439"
AWS_SSL = "verify-full"
AWS_TIME = "2"
AWS_ACCESS_KEY = "abcd"
AWS_SECRET_KEY = "efgh"
)
db, err := sql.Open("postgres",
fmt.Sprintf("dbname=%s user=%s password=%s host=%s port=%s sslmode=%s connect_timeout=%s",
AWS_DB,
AWS_USER,
AWS_PASS,
AWS_HOST,
AWS_PORT,
AWS_SSL,
AWS_TIME,
))
if err != nil {
log.Fatalln("Error:")
log.Fatalln(err)
os.Exit(1)
}
return db
}
如錯誤消息所示,您的主機不信任對您的數據庫服務器的證書進行簽名的證書頒發機構(CA)。
如果您有能力啟用InsecureSkipVerify
則設置sslmode=require
。 這將阻止客戶端驗證服務器的證書鏈和主機名(但仍將使用SSL)。
如果這不是一個選項,則需要將CA添加到主機受信任的CA。 這取決於您的操作系統。 在Linux上,將其添加到/etc/ssl/cert.pem
很有機會。
顯然,PostgreSQL驅動程序不允許指定自定義tls.Config
,這會使事情變得更加靈活。 在源代碼中,您可以看到它始終使用tls.Config{}
。 它沒有提供設置自定義RootCAs
的選項。
您需要傳遞sslrootcert
參數。 您的代碼將成為
db, err := sql.Open("postgres",
fmt.Sprintf("dbname=%s user=%s password=%s host=%s port=%s sslmode=%s sslrootcert=%s connect_timeout=%s",
AWS_DB,
AWS_USER,
AWS_PASS,
AWS_HOST,
AWS_PORT,
AWS_SSL,
AWS_SSL_CERT_PATH,
AWS_TIME,
))
其中AWS_SSL_CERT_PATH="/path/to/the/certificate"
您可以在此處找到更多信息和下載證書的鏈接。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.