How to override `checkServerIdentity` for ssl connection?

I’m submitting a…

• Question

Current behavior

I can only connect to my google cloud psql instance with rejectUnauthorized: false.

Expected behavior

I can connect to my google cloud psql instance with rejectUnauthorized: true.

Minimal reproduction of the problem with instructions

Create a google cloud managed postgresql instance and switch on ssl/tls with the self signed CA. Then try to run migrations on the database from a remote system (like your local workstation).

What is the motivation / use case for changing the behavior?

Googles certificates are badly configured. They give you an ip to connect to, but the ip of the server is not in the list of altnames in the certificate the server provides. You will get this error message when attempting to connect with rejectUnauthorized: true:

[ERROR] Error: Hostname/IP doesn't match certificate's altnames: "IP: X.X.X.X is not in the cert's list: "

Now one could possibly work around this with implementing a custom checkServerIdentity function for the tls connection by node which should be more secure than just rejectUnauthorized: false. Alas db-migrate expects configuration via a database.json, not javacript so I cannot implement the checkServerIdentity function.

So now to the question: How to read the config for db-migrate from a javacript file?

Environment

yarn list v1.10.1
├─ db-migrate-base@1.5.3
├─ db-migrate-pg@0.4.0
├─ db-migrate-shared@1.2.0
├─ db-migrate-sqlite3@0.3.1
└─ db-migrate@0.11.3
├─ db-migrate-pg@0.4.0
├─ pg-connection-string@0.1.3
├─ pg-pool@2.0.3
├─ pg-types@1.12.1
├─ pg@7.5.0
└─ pgpass@

Additional information:
- Node version: v8.12.0
- Platform:  Linux (Ubuntu 18.04)