1

I'm using Postgresql with Node.js, Express, and Massive. I'm getting this error:

"(node:11507) DeprecationWarning: Implicit disabling of certificate verification is deprecated and will be removed in pg 8. Specify rejectUnauthorized: true to require a valid CA or rejectUnauthorized: false to explicitly opt out of MITM protection."

My database connection string is set up with ?ssl=true at the end of the string. I think the error is saying that that configuration is deprecated. I've tried taking it out and adding this to my server:

require('dotenv').config();
const express = require('express');
const massive = require('massive');
const {CONNECTION_STRING} = process.env;

app.use(express.json());

CONNECTION_STRING.ssl = {
    rejectUnauthorized: true,
}

massive(CONNECTION_STRING).then(db => {
    app.set('db', db);
    console.log('db connected')
});

I still get errors. What's the correct way to configure this to make the error go away? I've been reading you need to configure it with .ssl = { rejectUnauthorized: true}. How exactly should I be writing the code? Can someone write out an example? And should the ?ssl-true be removed from the end of the db connection string?

Page COW
  • 515
  • 13
  • 31
  • Is this an error? It calls itself a warning. – jjanes May 12 '20 at 18:40
  • Can you print out the value of CONNECTION_STRING after you set rejectUnauthorized? – jjanes May 12 '20 at 18:48
  • I think it is a warning, not an error. I am able to print the value of CONNECTION_STRING. It is the same url to the Heroku Postgresql database with the "?ssl=true" at the end. – Page COW May 12 '20 at 18:55
  • Based on https://node-postgres.com/features/ssl, I think you need to use a configuration structure here, not a flat connection string. – jjanes May 12 '20 at 18:59

0 Answers0