| From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
|---|---|
| To: | Mark Woodward <pgsql(at)mohawksoft(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: SSL and USER_CERT_FILE |
| Date: | 2008-05-15 13:52:29 |
| Message-ID: | 482C401D.6030808@dunslane.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Mark Woodward wrote:
> I am using PostgreSQL's SSL support and the conventions for the key and
> certifications don't make sense from the client perspective. Especially
> under Windows.
>
> I am proposing a few simple changes:
>
> Adding two API
> void PQsetSSLUserCertFileName(char *filename)
> {
> user_crt_filename = strdup(filename);
> }
> PQsetSSLUserKeyFileName(char *filename)
> {
> user_key_filename = strdup(filename);
> }
>
>
>
[snip]
> Any comments?
>
>
I think it would probably be much better to allow for some environment
variables to specify the locations of the client certificate and key
(and the CA cert and CRL) - c.f. PGPASSFILE.
That way not only could these be set by C programs but by any libpq user
(I'm sure driver writers who use libpq don't want to have to bother with
this stuff.) And we wouldn't need to change the API at all.
cheers
andrew
| From | Date | Subject | |
|---|---|---|---|
| Next Message | pgsql | 2008-05-15 13:53:13 | Re: SSL and USER_CERT_FILE |
| Previous Message | pgsql | 2008-05-15 13:49:58 | Re: SSL and USER_CERT_FILE |