From 4e264e3c912c824dc900736b7e8904e8f316ad29 Mon Sep 17 00:00:00 2001 From: hongweihao Date: Thu, 2 Apr 2026 18:40:28 +0800 Subject: [PATCH] fix(postgres): read SSL config from nested DBeaver JSON properties DBeaver's JSON config format (v21+) stores driver-level properties under a nested `properties` key and SSL handler config under `handlers.postgre_ssl`, rather than at the top level of the connection properties object. Previously, `getPostgresSslConfig` and `executePostgreSQLQuery` only read from the top-level `properties.sslmode` / `properties.ssl` fields, which are always undefined in the new format. This caused the SSL mode to fall back to the default or be treated as disabled, resulting in unencrypted connections that are rejected by servers requiring SSL (e.g. AWS RDS with `hostssl` pg_hba.conf rules). Fix by also checking: - `properties.properties.sslmode` / `properties.properties.ssl` (nested driver props) - `properties.handlers.postgre_ssl.enabled` + `properties.handlers.postgre_ssl.properties.sslMode` (DBeaver's SSL handler block) Co-Authored-By: Claude Sonnet 4.6 --- src/dbeaver-client.ts | 9 ++++++++- src/pools/connection-pool.ts | 11 ++++++++++- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/src/dbeaver-client.ts b/src/dbeaver-client.ts index 9831972..8151d26 100644 --- a/src/dbeaver-client.ts +++ b/src/dbeaver-client.ts @@ -340,10 +340,17 @@ export class DBeaverClient { const password = connection.properties?.password || process.env.PGPASSWORD; // SSL handling + // DBeaver's JSON config format stores driver properties under a nested `properties` key, + // and SSL handler config under `handlers.postgre_ssl`. Check all locations. + const nestedProps = (connection.properties?.['properties'] as unknown as Record) || {}; + const sslHandler = (connection.properties?.['handlers'] as unknown as Record | undefined)?.['postgre_ssl'] as Record | undefined; const sslModeRaw = connection.properties?.['ssl.mode'] || connection.properties?.['sslmode'] || - connection.properties?.['ssl']; + connection.properties?.['ssl'] || + nestedProps['sslmode'] || + nestedProps['ssl'] || + (sslHandler?.enabled ? ((sslHandler?.properties as Record)?.['sslMode'] || 'require') : undefined); const sslMode = String(sslModeRaw ?? '').toLowerCase(); const sslRootCert = connection.properties?.['sslrootcert'] || diff --git a/src/pools/connection-pool.ts b/src/pools/connection-pool.ts index 7870ab1..ccc3ded 100644 --- a/src/pools/connection-pool.ts +++ b/src/pools/connection-pool.ts @@ -130,7 +130,16 @@ export class ConnectionPoolManager { private getPostgresSslConfig(connection: DBeaverConnection): object { const props = connection.properties || {}; - const sslMode = props.sslmode || props.ssl; + // DBeaver's JSON config format stores driver properties under a nested `properties` key, + // and SSL handler config under `handlers.postgre_ssl`. Check all locations. + const nestedProps = (props.properties as unknown as Record) || {}; + const sslHandler = (props.handlers as unknown as Record | undefined)?.['postgre_ssl'] as Record | undefined; + const sslMode = + props.sslmode || + props.ssl || + nestedProps['sslmode'] || + nestedProps['ssl'] || + (sslHandler?.enabled ? ((sslHandler?.properties as Record)?.['sslMode'] || 'require') : undefined); if (sslMode === 'disable' || sslMode === 'false') { return { ssl: false };