
allow unverified certificate #1382

Merged
merged 6 commits into from
Oct 16, 2023


@amitu amitu commented Oct 15, 2023

Doc PR: fastn-stack/fastn.com#470

When connecting to PostgreSQL we currently support 1. unencrypted connection, and 2. verified certificate.

Heroku does not allow unencrypted connections, and the certificate they issue is self-signed (I think), so it cannot be verified.

To support Heroku PostgreSQL we have added FASTN_PG_DANGER_ALLOW_UNVERIFIED_CERTIFICATE. If this environment variable is present, set to true, an unverified certificate would be accepted.

Using this environment variable is a bad idea, and the right certificate should be used in production using the FASTN_PG_CERTIFICATE environment variable.


amitu commented Oct 15, 2023

Having said that, I have not been able to figure out how to use the root certificate Heroku published. As per their docs the certificates are available at /etc/ssl/certs/ca-certificates.crt. But if I download it and try to use it:

heroku ps:copy /etc/ssl/certs/ca-certificates.crt -a fastn-todo-app
export FASTN_PG_CERTIFICATE=ca-certificates.crt
fastn serve --edition=2023

I get the following error:

WARN: FASTN_PG_DANGER_ALLOW_UNVERIFIED_CERTIFICATE is set to true, this is not recommended for production use
thread 'actix-server worker 2' panicked at /Users/amitu/Projects/fastn/fastn-core/src/library2022/processor/pg.rs:62:61:
called `Result::unwrap()` on an `Err` value: Error { code: -50, message: "One or more parameters passed to a function were not valid." }

@amitu amitu merged commit 7a89aca into main Oct 16, 2023
@amitu amitu deleted the pg_allow_unverified_certificate branch October 16, 2023 08:11
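
The three connection modes from the PR description, as an added example that is not fastn's own code: a std-only Rust resolver that maps the two environment variables named above to one mode. The precedence (a configured certificate wins over the danger flag), the strict `true` match, the "neither variable set means unencrypted" rule, and the names `PgTls` and `resolve_pg_tls` are assumptions made for illustration.

```rust
use std::collections::HashMap;

const CERT_VAR: &str = "FASTN_PG_CERTIFICATE";
const DANGER_VAR: &str = "FASTN_PG_DANGER_ALLOW_UNVERIFIED_CERTIFICATE";

/// One variant per connection mode mentioned in the PR description.
#[derive(Debug, PartialEq)]
enum PgTls {
    Unencrypted,
    Verified { ca_file: String },
    DangerUnverified,
}

/// Assumed policy (not taken from fastn's source):
/// - a configured CA file always wins, so a leftover danger flag cannot
///   downgrade a deployment that already has a certificate;
/// - the danger flag counts only when its value is exactly "true";
/// - any other non-empty value is an error, not a silent fallback.
fn resolve_pg_tls(env: &HashMap<String, String>) -> Result<PgTls, String> {
    // Treat empty or whitespace-only values as "not set".
    let cert = env.get(CERT_VAR).map(|v| v.trim()).filter(|v| !v.is_empty());
    let danger = env.get(DANGER_VAR).map(|v| v.trim()).filter(|v| !v.is_empty());

    if let Some(path) = cert {
        return Ok(PgTls::Verified { ca_file: path.to_string() });
    }
    match danger {
        None => Ok(PgTls::Unencrypted),
        Some("true") => Ok(PgTls::DangerUnverified),
        Some(other) => Err(format!("{}={:?} is not \"true\"", DANGER_VAR, other)),
    }
}

fn main() {
    // Constructed environment: both variables set at once.
    let env: HashMap<String, String> = [(CERT_VAR, "ca.pem"), (DANGER_VAR, "true")]
        .into_iter()
        .map(|(k, v)| (k.to_string(), v.to_string()))
        .collect();
    match resolve_pg_tls(&env) {
        Ok(mode) => println!("PostgreSQL TLS mode: {:?}", mode),
        Err(e) => eprintln!("configuration error: {}", e),
    }
}
```
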