connection requires a valid client certificate

[takeseem]

Version: Deno x.x.x

$ deno --version
deno 2.0.2 (stable, release, x86_64-unknown-linux-gnu)
v8 12.9.202.13-rusty
typescript 5.6.2

dependencies:

"@types/pg": "^8.11.11",
    "@types/pg-pool": "^2.0.6",
    "pg": "^8.13.3",
    "pg-pool": "^3.7.1"

 ⨯ Failed to handle request for /api/query?id=100
 GET /api/query?id=100 500 in 816ms
error: Uncaught TypeError: (0 , _module.findSourceMap) is not a function
    at getSourcemappedFrameIfPossible (file:///data/workspace/node/benchmark-app/node_modules/.pnpm/[email protected][email protected][email protected][email protected]/node_modules/next/dist/server/patch-error-inspect.js:163:90)
    at parseAndSourceMap (file:///data/workspace/node/benchmark-app/node_modules/.pnpm/[email protected][email protected][email protected][email protected]/node_modules/next/dist/server/patch-error-inspect.js:265:39)
    at sourceMapError (file:///data/workspace/node/benchmark-app/node_modules/.pnpm/[email protected][email protected][email protected][email protected]/node_modules/next/dist/server/patch-error-inspect.js:288:22)
    at file:///data/workspace/node/benchmark-app/node_modules/.pnpm/[email protected][email protected][email protected][email protected]/node_modules/next/dist/server/patch-error-inspect.js:306:30
    at AsyncLocalStorage.exit (node:async_hooks:81:14)
    at TypeError.errorConstructor.<computed> (file:///data/workspace/node/benchmark-app/node_modules/.pnpm/[email protected][email protected][email protected][email protected]/node_modules/next/dist/server/patch-error-inspect.js:305:67)
    at formatValue (ext:deno_console/01_console.js:505:21)
    at inspectArgs (ext:deno_console/01_console.js:3070:17)
    at console.error (ext:deno_console/01_console.js:3191:7)
    at console.error (file:///data/workspace/node/benchmark-app/node_modules/.pnpm/[email protected][email protected][email protected][email protected]/node_modules/next/dist/compiled/next-server/app-page.runtime.dev.js:98:12057)
    at console.error (file:///data/workspace/node/benchmark-app/node_modules/.pnpm/[email protected][email protected][email protected][email protected]/node_modules/next/dist/compiled/next-server/app-page.runtime.dev.js:106:12719)
    at Process.exception (file:///data/workspace/node/benchmark-app/node_modules/.pnpm/[email protected][email protected][email protected][email protected]/node_modules/next/dist/server/lib/start-server.js:267:29)
    at Process.emit (ext:deno_node/_events.mjs:405:35)
    at Process.emit (node:process:414:40)
    at Object.internals.nodeProcessUnhandledRejectionCallback (node:process:631:15)
    at processUnhandledPromiseRejection (ext:runtime_main/js/99_main.js:398:15)
    at eventLoopTick (ext:core/01_core.js:225:25)

[marvinhagemeister]

Does the error occur in Deno 2.1.10 too?

[takeseem]

$ deno --version
deno 2.1.10 (stable, release, x86_64-unknown-linux-gnu)
v8 13.0.245.12-rusty
typescript 5.6.2

pg query code: const rs = await pool.query('select * from bm_test1 where id = $1', [id]);

console error:

 ⨯ TypeError: Cannot read properties of undefined (reading 'bold')
    at formatValue (ext:deno_console/01_console.js:505:21)
    at inspectArgs (ext:deno_console/01_console.js:3071:17)
    at console.error (ext:deno_console/01_console.js:3192:7)
    at eventLoopTick (ext:core/01_core.js:177:7) {
  page: "/api/query"
}

[takeseem]

create or replace function update_ut_col() returns trigger as $$
  begin
    if new.* is not distinct from old.* then
      return null;  -- 无变化时什么也不做包括创建新版本数据，如果 return old 实际依然会创建新版本数据
    end if;

    new.ut = current_timestamp;
    return new;
  end;
$$ language plpgsql;

-- 用户表
create table if not exists bm_test1 (
	id bigint generated always as identity primary key,
	ct timestamp not null default current_timestamp,
	ut timestamp not null default current_timestamp,
	name varchar(64)
);
create trigger update_ut before update on bm_test1 for each row execute function update_ut_col();

-- 清空数据;


-- 初始化数据;
insert into bm_test1 (name) values ('test1'), ('test2'), ('test3'), ('test4'), ('test5'),
  ('test6'), ('test7'), ('test8'), ('test9'), ('test10');

[marvinhagemeister]

Right, sounds like the original issue is fixed. The other one you're seeing now sounds similar to #26584 . There is essentially code somewhere in the dependency tree that relies un unsafe prototype assignment. The workaround is to add this to deno.json:

{
  "unstable": ["unsafe-proto"]
}

[takeseem]

my code is run ok in pnpm. pg with ssl verify-full

DATABASE_URL=postgresql://dev:[email protected]:5432/benchmark_app?sslmode=verify-full&sslrootcert=/data/mydocker/dev-env/pg-etc/ssl/root.prd.crt&sslcert=/data/mydocker/dev-env/pg-etc/ssl/pg.client.dev-all.crt&sslkey=/data/mydocker/dev-env/pg-etc/ssl/pg.client.dev.prd.key

$ pnpm -v
9.15.4
$ node -v
v23.8.0

after deno.json with

{
  "unstable": ["unsafe-proto"]
}

error is

getById(100)
 ⨯ error: connection requires a valid client certificate
    at eventLoopTick (ext:core/01_core.js:177:7)
    at async Module.getById (file:/data/workspace/node/benchmark-app/src/dao/test1.ts:13:13)
    at async GET (file:/data/workspace/node/benchmark-app/src/app/api/%5Btype%5D/route.ts:20:17)
  11 | export async function getById(id: number): Promise<Test1 | null> {
  12 |   console.log(`getById(${id})`);
> 13 |   const rs = await pool.query('select * from bm_test1 where id = 1');
     |             ^
  14 |   console.log(`getById(${id}) rs: ${rs.rows.length}`);
  15 |   return rs.rows[0] ?? null;
  16 | } {
  length: 109,
  name: "error",
  severity: "FATAL",
  code: "28000",
  detail: undefined,
  hint: undefined,
  position: undefined,
  internalPosition: undefined,
  internalQuery: undefined,
  where: undefined,
  schema: undefined,
  table: undefined,
  column: undefined,
  dataType: undefined,
  constraint: undefined,
  file: "auth.c",
  line: "417",
  routine: "ClientAuthentication"
}
 ⨯ error: connection requires a valid client certificate
    at eventLoopTick (ext:core/01_core.js:177:7)
    at async Module.getById (file:/data/workspace/node/benchmark-app/src/dao/test1.ts:13:13)
    at async GET (file:/data/workspace/node/benchmark-app/src/app/api/%5Btype%5D/route.ts:20:17)
  11 | export async function getById(id: number): Promise<Test1 | null> {
  12 |   console.log(`getById(${id})`);
> 13 |   const rs = await pool.query('select * from bm_test1 where id = 1');
     |             ^
  14 |   console.log(`getById(${id}) rs: ${rs.rows.length}`);
  15 |   return rs.rows[0] ?? null;
  16 | } {
  length: 109,
  name: "error",
  severity: "FATAL",
  code: "28000",
  detail: undefined,
  hint: undefined,
  position: undefined,
  internalPosition: undefined,
  internalQuery: undefined,
  where: undefined,
  schema: undefined,
  table: undefined,
  column: undefined,
  dataType: undefined,
  constraint: undefined,
  file: "auth.c",
  line: "417",
  routine: "ClientAuthentication"
}
 GET /api/query?id=100 500 in 51ms

[takeseem]

test: verify-ca

DATABASE_URL=postgresql://dev:[email protected]:5432/benchmark_app?sslmode=verify-ca&sslrootcert=/data/mydocker/dev-env/pg-etc/ssl/root.prd.crt

the code run ok.

my crt an key gen code

openssl req -new -nodes -text -out $myClient.csr -keyout $myClient.key \
  -subj "/O=takeseem/OU=prd.pg.client/CN=$myuser"

openssl x509 -req -in $myClient.csr -text -days 7300 \
  -CA $myInter.crt -CAkey $myInter.key -CAcreateserial -out $myClient.crt
cat $myClient.crt $myInter.crt > $myClient-all.crt

[takeseem]

db.ts

import 'server-only';
import * as pg from 'pg';

const connectionString = process.env.DATABASE_URL!;
console.log(`Connecting to ${connectionString}`);

const url = URL.parse(process.env.DATABASE_URL!)!;
const ssl = {
  ca: url.searchParams.get('sslrootcert')!,
  key: url.searchParams.get('sslkey')!,
  cert: url.searchParams.get('sslcert')!,
};
console.log(`SSL: ${JSON.stringify(ssl)}`);
export const pool = new pg.Pool({
  connectionString,
  ssl: ssl,
});

[takeseem]

https://github.com/takeseem/benchmark-app