Error connecting to Google Cloud SQL

When running locally on my dev machine, my Node app is able to connect to my Google Cloud SQL postgres DB. But when I use identical credentials to connect from Fly.io, I get this error:

2022-06-13T10:52:43Z app[e45c8f11] lhr [info]PrismaClientInitializationError: Error opening a TLS connection: error:0308010C:digital envelope routines:func(128):unsupported:../deps/openssl/openssl/crypto/evp/evp_fetch.c:349:Global default library context, Algorithm (RC2-40-CBC : 0), Properties ()
2022-06-13T10:52:43Z app[e45c8f11] lhr [info]    at RequestHandler.request (/workspace/node_modules/@prisma/client/runtime/index.js:49028:15)
2022-06-13T10:52:43Z app[e45c8f11] lhr [info]    at async PrismaClient._request (/workspace/node_modules/@prisma/client/runtime/index.js:49919:18)
2022-06-13T10:52:43Z app[e45c8f11] lhr [info]    at async /workspace/.next/server/chunks/637.js:102:36
2022-06-13T10:52:43Z app[e45c8f11] lhr [info]    at async /workspace/.next/server/chunks/637.js:334:7
2022-06-13T10:52:43Z app[e45c8f11] lhr [info]    at async getStaticProps (/workspace/.next/server/pages/index.js:29:19)
2022-06-13T10:52:43Z app[e45c8f11] lhr [info]    at async Object.renderToHTML (/workspace/node_modules/next/dist/server/render.js:492:20)
2022-06-13T10:52:43Z app[e45c8f11] lhr [info]    at async doRender (/workspace/node_modules/next/dist/server/base-server.js:901:38)
2022-06-13T10:52:43Z app[e45c8f11] lhr [info]    at async cacheEntry.responseCache.get.isManualRevalidate.isManualRevalidate (/workspace/node_modules/next/dist/server/base-server.js:1006:28)
2022-06-13T10:52:43Z app[e45c8f11] lhr [info]    at async /workspace/node_modules/next/dist/server/response-cache.js:74:36 {
2022-06-13T10:52:43Z app[e45c8f11] lhr [info]  clientVersion: '3.15.1',
2022-06-13T10:52:43Z app[e45c8f11] lhr [info]  errorCode: undefined
2022-06-13T10:52:43Z app[e45c8f11] lhr [info]}

It’s a Node.js app that uses Prisma ORM to connect to a postgres DB on Google Cloud SQL. Prisma relies on an env var that looks like this:

DATABASE_URL="postgresql://DB_USER:DB_PASSWORD@HOST_IP:5432/DATABASE_NAME?sslmode=require&sslcert=./certs/server-ca.pem&sslidentity=./certs/client-identity.p12&sslpassword=SSL_PASSWORD"
  • I’ve double-checked this DATABASE_URL is set identically on my local machine and on Fly.io, and that the 2 cert files it needs are present on both environments at the correct path.
  • There is no IP restriction on the Google Cloud SQL database.
  • The Node version (18.2.0) is the same in both environments.

What could be different that is preventing me connecting when running on Fly?

I don’t know if you’ve since figured this out but if not I’d look at the openssl version. Given it appears to be some kind of SSL issue. So maybe compare this on your machine vs. the Fly vm (e.g from fly ssh console):

openssl version –a

Not sure why the version the Fly vm has would be a problem but at least that could be a start for debugging it.

Failing that … Google seem to push people towards using their proxy for some reason. So that would be an entirely different approach which would bypass this SSL problem: About the Cloud SQL Auth proxy  |  Cloud SQL for PostgreSQL  |  Google Cloud