| From: | pgsql(at)mohawksoft(dot)com |
|---|---|
| To: | "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql(at)mohawksoft(dot)com, "Andrew Dunstan" <andrew(at)dunslane(dot)net>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: SSL and USER_CERT_FILE |
| Date: | 2008-05-15 13:49:58 |
| Message-ID: | 37040.24.60.196.157.1210859398.squirrel@mail.mohawksoft.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> pgsql(at)mohawksoft(dot)com writes:
>> Maybe we need to go even further and add it to the PQconnect API
>> sslkey=filename and sslcrt=filename in addition to sslmode?
>
> If there's a case to be made for this at all, it should be handled the
> same way as all other libpq connection parameters.
>
> regards, tom lane
>
Here's the use case:
I have an application that must connect to multiple PostgreSQL databases
and must use secure communications and the SSL keys are under the control
of the business units the administer the databases, not me. In addition my
application also communicates with other SSL enabled versions of itself.
I think you would agree that a hard coded immutable location for "client"
interface is problematic.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Dunstan | 2008-05-15 13:52:29 | Re: SSL and USER_CERT_FILE |
| Previous Message | pgsql | 2008-05-15 13:31:10 | Re: SSL and USER_CERT_FILE |