sqlx_build_trust_postgres/options/
ssl_mode.rs

1use crate::error::Error;
2use std::str::FromStr;
3
4/// Options for controlling the level of protection provided for PostgreSQL SSL connections.
5///
6/// It is used by the [`ssl_mode`](super::PgConnectOptions::ssl_mode) method.
7#[derive(Debug, Clone, Copy)]
8pub enum PgSslMode {
9    /// Only try a non-SSL connection.
10    Disable,
11
12    /// First try a non-SSL connection; if that fails, try an SSL connection.
13    Allow,
14
15    /// First try an SSL connection; if that fails, try a non-SSL connection.
16    Prefer,
17
18    /// Only try an SSL connection. If a root CA file is present, verify the connection
19    /// in the same way as if `VerifyCa` was specified.
20    Require,
21
22    /// Only try an SSL connection, and verify that the server certificate is issued by a
23    /// trusted certificate authority (CA).
24    VerifyCa,
25
26    /// Only try an SSL connection; verify that the server certificate is issued by a trusted
27    /// CA and that the requested server host name matches that in the certificate.
28    VerifyFull,
29}
30
31impl Default for PgSslMode {
32    fn default() -> Self {
33        PgSslMode::Prefer
34    }
35}
36
37impl FromStr for PgSslMode {
38    type Err = Error;
39
40    fn from_str(s: &str) -> Result<Self, Error> {
41        Ok(match &*s.to_ascii_lowercase() {
42            "disable" => PgSslMode::Disable,
43            "allow" => PgSslMode::Allow,
44            "prefer" => PgSslMode::Prefer,
45            "require" => PgSslMode::Require,
46            "verify-ca" => PgSslMode::VerifyCa,
47            "verify-full" => PgSslMode::VerifyFull,
48
49            _ => {
50                return Err(Error::Configuration(
51                    format!("unknown value {s:?} for `ssl_mode`").into(),
52                ));
53            }
54        })
55    }
56}