From 056355d726a15b18cf5c721972e221147f2a15f8 Mon Sep 17 00:00:00 2001 From: Julien Barbe Date: Wed, 3 Jun 2026 11:09:03 +0200 Subject: [PATCH 1/2] fix: include PostgreSQL TLS settings in pool key --- src-tauri/src/pool_manager.rs | 17 +++++++++++++---- src-tauri/src/pool_manager_tests.rs | 23 ++++++++++++++++++----- 2 files changed, 31 insertions(+), 9 deletions(-) diff --git a/src-tauri/src/pool_manager.rs b/src-tauri/src/pool_manager.rs index 37d084cf..12351aaa 100644 --- a/src-tauri/src/pool_manager.rs +++ b/src-tauri/src/pool_manager.rs @@ -83,15 +83,24 @@ pub(crate) fn build_connection_key( params: &ConnectionParams, connection_id: Option<&str>, ) -> String { - let tls_key = (params.driver == "mysql").then(|| { - format!( + let tls_key = match params.driver.as_str() { + "mysql" => Some(format!( "ssl:{}:{}:{}:{}", params.ssl_mode.as_deref().unwrap_or("default"), params.ssl_ca.as_deref().unwrap_or(""), params.ssl_cert.as_deref().unwrap_or(""), params.ssl_key.as_deref().unwrap_or("") - ) - }); + )), + "postgres" => { + let ssl_mode = params.ssl_mode.as_deref().unwrap_or("prefer"); + let ssl_ca = match ssl_mode { + "verify-ca" | "verify-full" => params.ssl_ca.as_deref().unwrap_or(""), + _ => "", + }; + Some(format!("ssl:{ssl_mode}:{ssl_ca}")) + } + _ => None, + }; let base_key = if let Some(conn_id) = connection_id { // Include database in key so different databases on the same connection use separate pools diff --git a/src-tauri/src/pool_manager_tests.rs b/src-tauri/src/pool_manager_tests.rs index bfb23c74..5b3a9172 100644 --- a/src-tauri/src/pool_manager_tests.rs +++ b/src-tauri/src/pool_manager_tests.rs @@ -83,20 +83,33 @@ mod tests { } #[test] - fn postgres_pool_key_ignores_mysql_ssl_key_fields() { + fn postgres_pool_key_changes_when_ssl_mode_changes() { let required = connection_params("postgres", Some("required")); - let disabled = connection_params("postgres", Some("disabled")); + let disabled = connection_params("postgres", Some("disable")); - assert_eq!( + assert_ne!( build_connection_key(&required, Some("conn-1")), build_connection_key(&disabled, Some("conn-1")) ); } #[test] - fn sqlite_pool_key_ignores_mysql_ssl_key_fields() { + fn postgres_pool_key_changes_when_ssl_ca_changes() { + let without_ca = connection_params("postgres", Some("verify-ca")); + let mut with_ca = connection_params("postgres", Some("verify-ca")); + with_ca.ssl_ca = Some("/tmp/postgres-ca.pem".to_string()); + + assert_ne!( + build_connection_key(&without_ca, Some("conn-1")), + build_connection_key(&with_ca, Some("conn-1")) + ); + } + + #[test] + fn sqlite_pool_key_ignores_tls_key_fields() { let required = connection_params("sqlite", Some("required")); - let disabled = connection_params("sqlite", Some("disabled")); + let mut disabled = connection_params("sqlite", Some("disabled")); + disabled.ssl_ca = Some("/tmp/sqlite-ca.pem".to_string()); assert_eq!( build_connection_key(&required, Some("conn-1")), From 42ddddb9c0651ad1e6b47f7e875252d167a3bf78 Mon Sep 17 00:00:00 2001 From: Julien Barbe Date: Wed, 3 Jun 2026 12:26:29 +0200 Subject: [PATCH 2/2] test: use PostgreSQL require SSL mode --- src-tauri/src/pool_manager_tests.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src-tauri/src/pool_manager_tests.rs b/src-tauri/src/pool_manager_tests.rs index 5b3a9172..6fb700f2 100644 --- a/src-tauri/src/pool_manager_tests.rs +++ b/src-tauri/src/pool_manager_tests.rs @@ -84,7 +84,7 @@ mod tests { #[test] fn postgres_pool_key_changes_when_ssl_mode_changes() { - let required = connection_params("postgres", Some("required")); + let required = connection_params("postgres", Some("require")); let disabled = connection_params("postgres", Some("disable")); assert_ne!(