Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
invalid peer certificate: UnsupportedCertVersion
See original GitHub issueI’m not entirely sure where the fault here lies, but I’m having problems connecting to a database over TLS with deno-postgres.
I’ve put together this code to connect to the database based off the example in the docs (https://deno-postgres.com/#/?id=ssltls-connection):
const cert = await Deno.readTextFile(
new URL("./postgres.crt", import.meta.url),
),
config = {
user: "postgres",
password: Deno.env.get("POSTGRES_PWD"),
hostname: Deno.env.get("POSTGRES_HOST"),
port: "6543",
database: "postgres",
tls: { caCertificates: [cert] },
},
pool = new postgres.Pool(config, 3, true);
The postgres.crt file is an SSL certificate downloaded from within the database’s Supabase dashboard:
When I run the script, I get this error:
Sending fatal alert BadCertificate
TLS connection failed with message: invalid peer certificate contents: invalid peer certificate: UnsupportedCertVersion
Defaulting to non-encrypted connection
This is happening both when I run the script locally and on Deno Deploy.
The only other reference to this error message I could find was https://github.com/denoland/deno/issues/13350, so it may be related.
Thanks.
Edit: I get the same error both with and without including tls: { caCertificates: [cert] } in the config on Deno v1.18.1. If I downgrade to Deno v1.15.0 to test I get the following error (again both with and without adding the cert to the config):
Sending fatal alert DecodeError
TLS connection failed with message: invalid certificate: BadDER
Everything else seems to work, i.e. I can perform database operations successfully, but the TLS connection is failing.
Issue Analytics
- State:
- Created 2 years ago
- Reactions:1
- Comments:9
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
The point of
caCertificatesis to add a certificate authority to your certificate store. This works if your certificate is self signed, because it tells Deno that the authority for that certificate is indeed trustedThe problem with your certificate is a different one however (
UnsupportedCertVersion) so Deno can’t add it to the list of trusted authorities, because it isn’t a valid certificate in the first placeI heard back from Supabase a few days ago, they’ve given my DB a V3 cert which fixed the issue. They say that all new databases will have the V3 certs by default, and older DBs will be gradually updated over time.