
New config options to set the database certificates

Quentin Gliech
2024-07-02 17:15:27 +02:00
parent bd3b19e122
commit eff66726d5
4 changed files with 243 additions and 8 deletions


@ -1003,6 +1003,38 @@
"description": "The database name\n\nThis must not be specified if `uri` is specified.",
"type": "string"
},
"ssl_mode": {
"description": "How to handle SSL connections",
"allOf": [
{
"$ref": "#/definitions/PgSslMode"
}
]
},
"ssl_ca": {
"description": "The PEM-encoded root certificate for SSL connections\n\nThis must not be specified if the `ssl_ca_file` option is specified.",
"type": "string"
},
"ssl_ca_file": {
"description": "Path to the root certificate for SSL connections\n\nThis must not be specified if the `ssl_ca` option is specified.",
"type": "string"
},
"ssl_certificate": {
"description": "The PEM-encoded client certificate for SSL connections\n\nThis must not be specified if the `ssl_certificate_file` option is specified.",
"type": "string"
},
"ssl_certificate_file": {
"description": "Path to the client certificate for SSL connections\n\nThis must not be specified if the `ssl_certificate` option is specified.",
"type": "string"
},
"ssl_key": {
"description": "The PEM-encoded client key for SSL connections\n\nThis must not be specified if the `ssl_key_file` option is specified.",
"type": "string"
},
"ssl_key_file": {
"description": "Path to the client key for SSL connections\n\nThis must not be specified if the `ssl_key` option is specified.",
"type": "string"
},
"max_connections": {
"description": "Set the maximum number of connections the pool should maintain",
"default": 10,
@ -1044,6 +1076,53 @@
"type": "string",
"format": "hostname"
},
"PgSslMode": {
"description": "Options for controlling the level of protection provided for PostgreSQL SSL connections.",
"oneOf": [
{
"description": "Only try a non-SSL connection.",
"type": "string",
"enum": [
"disable"
]
},
{
"description": "First try a non-SSL connection; if that fails, try an SSL connection.",
"type": "string",
"enum": [
"allow"
]
},
{
"description": "First try an SSL connection; if that fails, try a non-SSL connection.",
"type": "string",
"enum": [
"prefer"
]
},
{
"description": "Only try an SSL connection. If a root CA file is present, verify the connection in the same way as if `VerifyCa` was specified.",
"type": "string",
"enum": [
"require"
]
},
{
"description": "Only try an SSL connection, and verify that the server certificate is issued by a trusted certificate authority (CA).",
"type": "string",
"enum": [
"verify-ca"
]
},
{
"description": "Only try an SSL connection; verify that the server certificate is issued by a trusted CA and that the requested server host name matches that in the certificate.",
"type": "string",
"enum": [
"verify-full"
]
}
]
},
"TelemetryConfig": {
"description": "Configuration related to sending monitoring data",
"type": "object",
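Review bot: The `require` entry in the new `PgSslMode` definition describes its behaviour "as if `VerifyCa` was specified", but `VerifyCa` is not a value this schema accepts; the enum spelling is `verify-ca`, so the description should say ``as if `verify-ca` was specified``. The `ssl_mode` property in the first hunk has no `default`, and its description, "How to handle SSL connections", does not tell an operator which modes actually authenticate the database server. Going by the per-mode descriptions, `disable`, `allow` and `prefer` can end up on a non-SSL connection and `require` verifies the certificate only when a root CA is present, so I would extend the text to something like `How to handle SSL connections. Only verify-ca and verify-full always verify the server certificate; verify-full also checks the host name.` and state the effective default. This file looks generated from the config types, so the wording probably has to change in their doc comments rather than here; the enclosing objects start and end outside both hunks.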