| From: | Terence Ferraro <terencejferraro(at)gmail(dot)com> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | SSL certificate location |
| Date: | 2016-04-17 20:45:28 |
| Message-ID: | CAEghcWA0ds1EWwLUU=VT=1wrKuGPbVxJrFt7ssRmW-NJJ+kA0g@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
I'm not sure if this may be of any utility value to anyone else, but, the
attached patch enables an environment variable to be provided to libpq to
specify where to find the SSL certificate/key files used for a secure
connection.
At the moment, if a user has multiple applications on a single machine
connecting with different SSL certificates, each process must be launched
by a different logical user and the certificates placed within that user's
home directory (and this is just for *nix, forget about Windows). The
current method is not scalable, either.
With the attached patch, the user just sets the environment variable e.g.
PGSQL_SSL_PATH=/home/test/cert_directory/app_1/ /usr/local/pgsql/bin/psql
-U postgres -h 127.0.0.1 -p 5432
PGSQL_SSL_PATH=/home/test/cert_directory/app_2/ /usr/local/pgsql/bin/psql
-U postgres -h 127.0.0.1 -p 5433
It follows the same existing conventions by looking for the actual
certificates within the .postgresql sub-directory of the provided path.
*Terence J. Ferraro*
| Attachment | Content-Type | Size |
|---|---|---|
| fe-secure-openssl.c.diff | text/plain | 2.2 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Christoph Moench-Tegeder | 2016-04-17 21:32:03 | Re: SSL certificate location |
| Previous Message | Jeff Janes | 2016-04-17 20:03:34 | Re: GIN data corruption bug(s) in 9.6devel |