sqlx_build_trust_postgres/options/ssl_mode.rs
1use crate::error::Error;
2use std::str::FromStr;
3
4/// Options for controlling the level of protection provided for PostgreSQL SSL connections.
5///
6/// It is used by the [`ssl_mode`](super::PgConnectOptions::ssl_mode) method.
7#[derive(Debug, Clone, Copy)]
8pub enum PgSslMode {
9 /// Only try a non-SSL connection.
10 Disable,
11
12 /// First try a non-SSL connection; if that fails, try an SSL connection.
13 Allow,
14
15 /// First try an SSL connection; if that fails, try a non-SSL connection.
16 Prefer,
17
18 /// Only try an SSL connection. If a root CA file is present, verify the connection
19 /// in the same way as if `VerifyCa` was specified.
20 Require,
21
22 /// Only try an SSL connection, and verify that the server certificate is issued by a
23 /// trusted certificate authority (CA).
24 VerifyCa,
25
26 /// Only try an SSL connection; verify that the server certificate is issued by a trusted
27 /// CA and that the requested server host name matches that in the certificate.
28 VerifyFull,
29}
30
31impl Default for PgSslMode {
32 fn default() -> Self {
33 PgSslMode::Prefer
34 }
35}
36
37impl FromStr for PgSslMode {
38 type Err = Error;
39
40 fn from_str(s: &str) -> Result<Self, Error> {
41 Ok(match &*s.to_ascii_lowercase() {
42 "disable" => PgSslMode::Disable,
43 "allow" => PgSslMode::Allow,
44 "prefer" => PgSslMode::Prefer,
45 "require" => PgSslMode::Require,
46 "verify-ca" => PgSslMode::VerifyCa,
47 "verify-full" => PgSslMode::VerifyFull,
48
49 _ => {
50 return Err(Error::Configuration(
51 format!("unknown value {s:?} for `ssl_mode`").into(),
52 ));
53 }
54 })
55 }
56}