From: Gord Thompson Date: Sun, 23 May 2021 23:44:13 +0000 (-0600) Subject: Add SSL connection info for psycopg2 and pg8000 X-Git-Tag: rel_1_4_16~16^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7c2c5ccf285333439df523be4ab419fa3c629871;p=thirdparty%2Fsqlalchemy%2Fsqlalchemy.git Add SSL connection info for psycopg2 and pg8000 Change-Id: I8ead04dd572f0c0020c226254543eb7d93876ee4 --- diff --git a/lib/sqlalchemy/dialects/postgresql/pg8000.py b/lib/sqlalchemy/dialects/postgresql/pg8000.py index d999cdf6fe..e39f61ddc6 100644 --- a/lib/sqlalchemy/dialects/postgresql/pg8000.py +++ b/lib/sqlalchemy/dialects/postgresql/pg8000.py @@ -39,6 +39,33 @@ passed to :func:`_sa.create_engine` using the ``client_encoding`` parameter:: engine = create_engine( "postgresql+pg8000://user:pass@host/dbname", client_encoding='utf8') +.. _pg8000_ssl: + +SSL Connections +---------------- + +pg8000 accepts a Python ``SSLContext`` object which may be specified using the +:paramref:`_sa.create_engine.connect_args` dictionary:: + + import ssl + ssl_context = ssl.create_default_context() + engine = sa.create_engine( + "postgresql+pg8000://scott:tiger@192.168.0.199:5432/test, + connect_args={'ssl_context': ssl_context}, + ) + +If the server uses an automatically-generated certificate that is self-signed +or does not match the host name (as seen from the client), it may also be +necessary to disable hostname checking:: + + import ssl + ssl_context = ssl.create_default_context() + ssl_context.check_hostname=False + ssl_context.verify_mode = ssl.CERT_NONE + engine = sa.create_engine( + "postgresql+pg8000://scott:tiger@192.168.0.199:5432/test, + connect_args={'ssl_context': ssl_context}, + ) .. _pg8000_isolation_level: diff --git a/lib/sqlalchemy/dialects/postgresql/psycopg2.py b/lib/sqlalchemy/dialects/postgresql/psycopg2.py index c2b6790224..1d71e38d47 100644 --- a/lib/sqlalchemy/dialects/postgresql/psycopg2.py +++ b/lib/sqlalchemy/dialects/postgresql/psycopg2.py @@ -51,6 +51,13 @@ psycopg2-specific keyword arguments which are accepted by :ref:`psycopg2_executemany_mode` +* ``sslmode``: Controls psycopg2's behavior for encrypted connections. + The psycopg2 default is ``sslmode=prefer``; it will attempt an SSL + connection and if that fails it will fall back to an unencrypted connection. + ``sslmode=require`` can be used to only establish secure connections. (Other + modes are available. See the psycopg2 documentation for details.) + + Unix Domain Connections ------------------------