async_postgres/pg_connection/ssl


TLS/SSL negotiation for PostgreSQL connections.

Implements the libpq-compatible SSLRequest handshake and the subsequent TLS handshake under both async backends:

  • chronos: BearSSL-based TLS via chronos/streams/tlsstream, with custom trust anchor parsing (parseTrustAnchors) and X.509 capture for SCRAM-SHA-256-PLUS channel binding (installX509Capture).
  • asyncdispatch: OpenSSL via std/net.wrapConnectedSocket, with PEM trust anchors written to a temp file and SSL_get_peer_certificate used for channel binding.

Re-exported through pg_connection.nim.

Procs

proc negotiateSSL(conn: PgConnection; config: ConnConfig; sslHost: string): owned(Future[void])
    {.stackTrace: false,
      raises: [Exception, PgConnectionError, SslError, ValueError, IOError],
      tags: [RootEffect, WriteIOEffect], forbids: [].}
Send SSLRequest and negotiate TLS if server accepts. sslHost is the host name the server certificate is verified against (the entry's host, never its hostaddr — libpq semantics).
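
The SSLRequest exchange described above, at the wire level, as an added Nim example that is not this module's code: the 8-byte request, and a decision on the server's one-byte reply that rejects trailing bytes and refuses a silent downgrade. `SslDecision`, `putBE32`, `buildSslRequest`, `decide` and `requireTls` are hypothetical names, and the reply buffers are constructed.

```nim
const
  sslRequestLen = 8'u32           # Int32 length field, counts itself
  sslRequestCode = 80877103'u32   # (1234 shl 16) or 5679 = 0x04D2162F

type
  SslDecision = enum              # hypothetical, not a type from this module
    sdStartTls                    # 'S': run the TLS handshake next
    sdPlaintext                   # 'N' and the caller tolerates no TLS
    sdAbort                       # anything else: close the socket

proc putBE32(buf: var seq[byte]; v: uint32) =
  ## Append v in network byte order.
  for shift in [24, 16, 8, 0]:
    buf.add byte((v shr shift) and 0xFF'u32)

proc buildSslRequest(): seq[byte] =
  ## SSLRequest has no type byte: just length and request code.
  result = @[]
  putBE32(result, sslRequestLen)
  putBE32(result, sslRequestCode)

proc decide(received: openArray[byte]; requireTls: bool): SslDecision =
  ## `received` is everything read from the socket after SSLRequest was sent.
  ## The reply is exactly one byte. Extra bytes arrived before TLS started,
  ## so they are unauthenticated and must not reach the TLS layer or the parser.
  result = sdAbort
  if received.len == 1:
    case char(received[0])
    of 'S': result = sdStartTls
    of 'N':
      if not requireTls: result = sdPlaintext   # else stay at sdAbort: no downgrade
    else: discard

when isMainModule:
  doAssert buildSslRequest() == @[0x00'u8, 0x00, 0x00, 0x08, 0x04, 0xD2, 0x16, 0x2F]
  # Constructed replies, not captured traffic.
  doAssert decide([byte('S')], requireTls = true) == sdStartTls
  doAssert decide([byte('N')], requireTls = false) == sdPlaintext
  doAssert decide([byte('N')], requireTls = true) == sdAbort
  doAssert decide([byte('S'), 0x16, 0x03], requireTls = true) == sdAbort
  doAssert decide([byte('E')], requireTls = false) == sdAbort
  let empty: seq[byte] = @[]
  doAssert decide(empty, requireTls = true) == sdAbort
  echo "SSLRequest checks passed"
```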