Skip to content

Commit b497453

Browse files
authored
Obsolete Trust Server Certificate connection string parameter (#5176)
Closes #4010
1 parent 0124e0a commit b497453

5 files changed

Lines changed: 128 additions & 115 deletions

File tree

src/Npgsql/Internal/NpgsqlConnector.cs

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -897,9 +897,6 @@ internal async Task NegotiateEncryption(SslMode sslMode, NpgsqlTimeout timeout,
897897
}
898898
else if (sslMode is SslMode.Prefer or SslMode.Require)
899899
{
900-
if (isFirstAttempt && sslMode is SslMode.Require && !Settings.TrustServerCertificate)
901-
throw new ArgumentException(NpgsqlStrings.CannotUseSslModeRequireWithoutTrustServerCertificate);
902-
903900
certificateValidationCallback = SslTrustServerValidation;
904901
checkCertificateRevocation = false;
905902
}

src/Npgsql/NpgsqlConnectionStringBuilder.cs

Lines changed: 19 additions & 20 deletions
Original file line numberDiff line numberDiff line change
@@ -450,24 +450,6 @@ public SslMode SslMode
450450
}
451451
SslMode _sslMode;
452452

453-
/// <summary>
454-
/// Whether to trust the server certificate without validating it.
455-
/// </summary>
456-
[Category("Security")]
457-
[Description("Whether to trust the server certificate without validating it.")]
458-
[DisplayName("Trust Server Certificate")]
459-
[NpgsqlConnectionStringProperty]
460-
public bool TrustServerCertificate
461-
{
462-
get => _trustServerCertificate;
463-
set
464-
{
465-
_trustServerCertificate = value;
466-
SetValue(nameof(TrustServerCertificate), value);
467-
}
468-
}
469-
bool _trustServerCertificate;
470-
471453
/// <summary>
472454
/// Location of a client certificate to be sent to the server.
473455
/// </summary>
@@ -1573,6 +1555,25 @@ public bool IncludeErrorDetails
15731555
set => IncludeErrorDetail = value;
15741556
}
15751557

1558+
/// <summary>
1559+
/// Whether to trust the server certificate without validating it.
1560+
/// </summary>
1561+
[Category("Security")]
1562+
[Description("Whether to trust the server certificate without validating it.")]
1563+
[DisplayName("Trust Server Certificate")]
1564+
[Obsolete("The TrustServerCertificate parameter is no longer needed and does nothing.")]
1565+
[NpgsqlConnectionStringProperty]
1566+
public bool TrustServerCertificate
1567+
{
1568+
get => _trustServerCertificate;
1569+
set
1570+
{
1571+
_trustServerCertificate = value;
1572+
SetValue(nameof(TrustServerCertificate), value);
1573+
}
1574+
}
1575+
bool _trustServerCertificate;
1576+
15761577
#endregion
15771578

15781579
#region Misc
@@ -1583,8 +1584,6 @@ internal void PostProcessAndValidate()
15831584
throw new ArgumentException("Host can't be null");
15841585
if (Multiplexing && !Pooling)
15851586
throw new ArgumentException("Pooling must be on to use multiplexing");
1586-
if (TrustServerCertificate && SslMode is SslMode.Allow or SslMode.VerifyCA or SslMode.VerifyFull)
1587-
throw new ArgumentException(NpgsqlStrings.CannotUseTrustServerCertificate);
15881587

15891588
if (!Host.Contains(','))
15901589
{

src/Npgsql/Properties/NpgsqlStrings.Designer.cs

Lines changed: 109 additions & 56 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

src/Npgsql/Properties/NpgsqlStrings.resx

Lines changed: 0 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -24,12 +24,6 @@
2424
<data name="CannotUseSslRootCertificateWithUserCallback" xml:space="preserve">
2525
<value>RootCertificate cannot be used in conjunction with UserCertificateValidationCallback; when registering a validation callback, perform whatever validation you require in that callback.</value>
2626
</data>
27-
<data name="CannotUseSslModeRequireWithoutTrustServerCertificate" xml:space="preserve">
28-
<value>To validate server certificates, please use VerifyFull or VerifyCA instead of Require. To disable validation, explicitly set 'Trust Server Certificate' to true. See https://www.npgsql.org/doc/release-notes/6.0.html for more details.</value>
29-
</data>
30-
<data name="CannotUseTrustServerCertificate" xml:space="preserve">
31-
<value>TrustServerCertificate=true is not supported with SslMode={0}</value>
32-
</data>
3327
<data name="EncryptionDisabled" xml:space="preserve">
3428
<value>NpgsqlSlimDataSourceBuilder is being used, and encryption hasn't been enabled, call EnableEncryption() on NpgsqlSlimDataSourceBuilder to enable it.</value>
3529
</data>

0 commit comments

Comments
 (0)