[][src]Struct sqlx::PgConnection

pub struct PgConnection { /* fields omitted */ }
This is supported on feature="postgres" only.

An asynchronous connection to a Postgres database.

The connection string expected by Connect::connect should be a PostgreSQL connection string, as documented at https://www.postgresql.org/docs/12/libpq-connect.html#LIBPQ-CONNSTRING

TLS Support (requires tls feature)

This connection type supports the same sslmode query parameter that libpq does in connection strings: https://www.postgresql.org/docs/12/libpq-ssl.html

postgresql://<user>[:<password>]@<host>[:<port>]/<database>[?sslmode=<ssl-mode>[&sslcrootcert=<path>]]

where

ssl-mode = disable | allow | prefer | require | verify-ca | verify-full
path = percent (URL) encoded path on the local machine

If the tls feature is not enabled, disable, allow and prefer are no-ops and require, verify-ca and verify-full are forbidden (attempting to connect with these will return an error).

If the tls feature is enabled, an upgrade to TLS is attempted on every connection by default (equivalent to sslmode=prefer). If the server does not support TLS (because it was not started with a valid certificate and key, see https://www.postgresql.org/docs/12/ssl-tcp.html) then it falls back to an unsecured connection and logs a warning.

Add sslmode=require to your connection string to emit an error if the TLS upgrade fails.

If you're running Postgres locally, your connection string might look like this:

postgresql://root:password@localhost/my_database?sslmode=require

However, like with libpq the server certificate is not checked for validity by default.

Specifying sslmode=verify-ca will cause the TLS upgrade to verify the server's SSL certificate against a local CA root certificate; this is not the system root certificate but is instead expected to be specified in one of a few ways:

  • The path to the certificate can be specified by adding the sslrootcert query parameter to the connection string. (Remember to percent-encode it!)

  • The path may also be specified via the PGSSLROOTCERT environment variable (which should not be percent-encoded.)

  • Otherwise, the library will look for the Postgres global root CA certificate in the default location:

    • $HOME/.postgresql/root.crt on POSIX systems
    • %APPDATA%\postgresql\root.crt on Windows

These locations are documented here: https://www.postgresql.org/docs/12/libpq-ssl.html#LIBQ-SSL-CERTIFICATES If the root certificate cannot be found by any of these means then the TLS upgrade will fail.

If sslmode=verify-full is specified, in addition to checking the certificate as with sslmode=verify-ca, the hostname in the connection string will be verified against the hostname in the server certificate, so they must be the same for the TLS upgrade to succeed.

Trait Implementations

impl Connect for PgConnection[src]

impl Connection for PgConnection[src]

impl Executor for PgConnection[src]

type Database = Postgres

The specific database that this type is implemented for.

impl<'c> RefExecutor<'c> for &'c mut PgConnection[src]

type Database = Postgres

Auto Trait Implementations

Blanket Implementations

impl<T> Any for T where
    T: 'static + ?Sized
[src]

impl<T> Borrow<T> for T where
    T: ?Sized
[src]

impl<T> BorrowMut<T> for T where
    T: ?Sized
[src]

impl<T> From<T> for T[src]

impl<T, U> Into<U> for T where
    U: From<T>, 
[src]

impl<T> Same<T> for T

type Output = T

Should always be Self

impl<T> Sealed<T> for T where
    T: ?Sized

impl<T, U> TryFrom<U> for T where
    U: Into<T>, 
[src]

type Error = Infallible

The type returned in the event of a conversion error.

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>, 
[src]

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

impl<V, T> VZip<V> for T where
    V: MultiLane<T>,