It would be great if PostgreSQL’s
sslmode=require could be supported. It is documented here.It basically says that the client will trust any SSL certificate, but it has to be a valid certificate. This is not as strong as the currently supported TLS support (which requires a client certificate), but is still useful as the traffic is encrypted.
It seems that the fix would be to allow only
sslRejectUnauthorized to be set, but not require the CA, KEY and CERT variables to be set. See Db.ts, lines 49-56. I have never used typeorm myself, but I gather that should be sufficient from this Stackoverflow answer.