encoredev · ekerfelt · Jan 10, 2025 · Jan 10, 2025 · Jan 10, 2025
diff --git a/proto/encore/runtime/v1/infra.pb.go b/proto/encore/runtime/v1/infra.pb.go
diff --git a/proto/encore/runtime/v1/infra.proto b/proto/encore/runtime/v1/infra.proto
@@ -53,6 +53,10 @@ message TLSConfig {
   // If invalid hostnames are trusted, *any* valid certificate for *any* site will be trusted for use.
   // This introduces significant vulnerabilities, and should only be used as a last resort.
   bool disable_tls_hostname_verification = 2;
+
+  // If true, skips CA cert validation when connecting.
+  // This introduces significant vulnerabilities, and should only be used as a last resort.
+  bool disable_ca_validation = 3;
 }
 
 message SQLServer {

diff --git a/runtimes/core/src/infracfg.rs b/runtimes/core/src/infracfg.rs
@@ -183,10 +183,13 @@ pub struct TLSConfig {
     pub client_cert: Option<ClientCert>,
     #[serde(default)]
     pub disable_tls_hostname_verification: bool,
+    #[serde(default)]
+    pub disable_ca_validation: bool,
 }
 
 #[derive(Debug, Serialize, Deserialize)]
 pub struct SQLDatabase {
+    pub name: Option<String>,
     pub max_connections: Option<i32>,
     pub min_connections: Option<i32>,
     pub username: String,
@@ -651,7 +654,7 @@ pub fn map_infra_to_runtime(infra: InfraConfig) -> RuntimeConfig {
                         SqlDatabase {
                             rid: get_next_rid(),
                             encore_name: name.clone(),
-                            cloud_name: name,
+                            cloud_name: db.name.unwrap_or(name),
                             conn_pools: vec![SqlConnectionPool {
                                 is_readonly: false,
                                 role_rid,
@@ -676,6 +679,7 @@ pub fn map_infra_to_runtime(infra: InfraConfig) -> RuntimeConfig {
                                     server_ca_cert: tls.ca,
                                     disable_tls_hostname_verification: tls
                                         .disable_tls_hostname_verification,
+                                    disable_ca_validation: tls.disable_ca_validation,
                                 }),
                             },
                         ),
@@ -754,6 +758,7 @@ pub fn map_infra_to_runtime(infra: InfraConfig) -> RuntimeConfig {
                                     server_ca_cert: tls.ca,
                                     disable_tls_hostname_verification: tls
                                         .disable_tls_hostname_verification,
+                                    disable_ca_validation: tls.disable_ca_validation,
                                 }),
                             },
                         ),

diff --git a/runtimes/core/src/sqldb/manager.rs b/runtimes/core/src/sqldb/manager.rs
@@ -320,6 +320,9 @@ fn databases_from_cfg(
                 if tls_config.disable_tls_hostname_verification {
                     tls_builder.danger_accept_invalid_hostnames(true);
                 }
+                if tls_config.disable_ca_validation {
+                    tls_builder.danger_accept_invalid_certs(true);
+                }
             } else {
                 config.ssl_mode(tokio_postgres::config::SslMode::Disable);
             }

diff --git a/runtimes/go/appruntime/exported/config/infra/config.go b/runtimes/go/appruntime/exported/config/infra/config.go
@@ -472,13 +472,15 @@ type TLSConfig struct {
 	CA                             string      `json:"ca,omitempty"`
 	ClientCert                     *ClientCert `json:"client_cert,omitempty"`
 	DisableTLSHostnameVerification bool        `json:"disable_tls_hostname_verification,omitempty"`
+	DisableCAValidation            bool        `json:"disable_ca_validation,omitempty"`
 }
 
 func (t *TLSConfig) Validate(v *validator) {
 	v.ValidateChild("client_cert", t.ClientCert)
 }
 
 type SQLDatabase struct {
+	Name           string      `json:"name,omitempty"`
 	MaxConnections int         `json:"max_connections,omitempty"`
 	MinConnections int         `json:"min_connections,omitempty"`
 	Username       EnvString   `json:"username,omitempty"`

diff --git a/runtimes/go/appruntime/exported/config/parse.go b/runtimes/go/appruntime/exported/config/parse.go
@@ -227,7 +227,7 @@ func parseInfraConfigEnv(infraCfgPath string) *Runtime {
 		for dbName, db := range sqlServer.Databases {
 			cfg.SQLDatabases = append(cfg.SQLDatabases, &SQLDatabase{
 				ServerID:       i,
-				EncoreName:     dbName,
+				EncoreName:     orDefault(db.Name, dbName),
 				DatabaseName:   dbName,
 				User:           db.Username.Value(),
 				Password:       db.Password.Value(),

diff --git a/tsparser/litparser-derive/src/lib.rs b/tsparser/litparser-derive/src/lib.rs
@@ -254,7 +254,7 @@ fn is_optional(ty: &syn::Type) -> bool {
             path: syn::Path { segments, .. },
         }) => {
             // Return true if the last path segment is "Option".
-            segments.last().map_or(false, |seg| seg.ident == "Option")
+            segments.last().is_some_and(|seg| seg.ident == "Option")
         }
         _ => false,
     }