From 4ac6a9f0894eb90afdc8740a9fa6707656af47ba Mon Sep 17 00:00:00 2001
From: Stas Kelvich <stas.kelvich@gmail.com>
Date: Fri, 28 Apr 2023 13:11:02 +0300
Subject: [PATCH] add backward compatibility to proxy

---
 proxy/src/auth/backend/link.rs | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/proxy/src/auth/backend/link.rs b/proxy/src/auth/backend/link.rs
index e588f67693..da43cf11c4 100644
--- a/proxy/src/auth/backend/link.rs
+++ b/proxy/src/auth/backend/link.rs
@@ -86,8 +86,17 @@ pub(super) async fn authenticate(
         .host(&db_info.host)
         .port(db_info.port)
         .dbname(&db_info.dbname)
-        .user(&db_info.user)
-        .ssl_mode(SslMode::Require); // we need TLS connection with SNI to properly route it
+        .user(&db_info.user);
+
+    // Backwards compatibility. pg_sni_proxy uses "--" in domain names
+    // while direct connections do not. Once we migrate to pg_sni_proxy
+    // everywhere, we can remove this.
+    if db_info.host.contains("--") {
+        // we need TLS connection with SNI info to properly route it
+        config.ssl_mode(SslMode::Require);
+    } else {
+        config.ssl_mode(SslMode::Disable);
+    }
 
     if let Some(password) = db_info.password {
         config.password(password.as_ref());