#643 allow to skip verification of TLS certs for Trino connection

sfu-db · Dec 9, 2024 · cff2d42 · cff2d42
1 parent 4fc8b25
commit cff2d42
Show file tree

Hide file tree

Showing 5 changed files with 30 additions and 108 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/connectorx-python/Cargo.lock b/connectorx-python/Cargo.lock
diff --git a/connectorx/Cargo.toml b/connectorx/Cargo.toml
@@ -57,7 +57,7 @@ urlencoding = {version = "2.1", optional = true}
 uuid = {version = "0.8", optional = true}
 j4rs = {version = "0.15", optional = true}
 datafusion = {version = "31", optional = true}
-prusto = {version = "0.5.1", optional = true}
+prusto = {version = "0.5.2", optional = true}
 serde = {version = "1", optional = true}
 
 [lib]

diff --git a/connectorx/src/sources/trino/mod.rs b/connectorx/src/sources/trino/mod.rs
@@ -89,9 +89,14 @@ impl TrinoSource {
             username => username,
         };
 
+        let no_verify = url
+            .query_pairs()
+            .any(|(k, v)| k == "verify" && v == "false");
+
         let builder = ClientBuilder::new(username, url.host().unwrap().to_owned())
             .port(url.port().unwrap_or(8080))
             .ssl(prusto::ssl::Ssl { root_cert: None })
+            .no_verify(no_verify)
             .secure(url.scheme() == "trino+https")
             .catalog(url.path_segments().unwrap().last().unwrap_or("hive"));
 

diff --git a/docs/databases/trino.md b/docs/databases/trino.md
@@ -1,10 +1,10 @@
 # Trino
 
-## Postgres Connection
+## Connection
 
 ```{hint}
-Using `trino+http` as connection protocol disables SSL for the connection. Example: `trino+http://host:port/catalog
-Notice that basic auth requires SSL for Trino.
+Using `trino+http` as connection protocol disables TLS for the connection. Example: `trino+http://host:port/catalog`
+Notice that Trino requires TLS for basic auth credentials. To use self-signed certificates, add `verify=false` like this: `trino+https://host:port/catalog?verify=false`
 ```
 
 ```py