TLS/SSL negotiation for PostgreSQL connections.
Implements the libpq-compatible SSLRequest handshake and the subsequent TLS handshake under both async backends:
- chronos: BearSSL-based TLS via chronos/streams/tlsstream, with custom trust anchor parsing (parseTrustAnchors) and X.509 capture for SCRAM-SHA-256-PLUS channel binding (installX509Capture).
- asyncdispatch: OpenSSL via std/net.wrapConnectedSocket, with PEM trust anchors written to a temp file and SSL_get_peer_certificate used for channel binding.
Re-exported through pg_connection.nim.
Procs
proc negotiateSSL(conn: PgConnection; config: ConnConfig): owned( Future[void]) {....stackTrace: false, raises: [Exception, SslError, ValueError, PgConnectionError, IOError], tags: [RootEffect, WriteIOEffect], forbids: [].}
- Send SSLRequest and negotiate TLS if server accepts.