Re: Allow 'sslkey' and 'sslcert' in postgres_fdw user mappings

From: Christoph Berg <myon(at)debian(dot)org>
To: Andrew Dunstan <andrew(dot)dunstan(at)2ndquadrant(dot)com>
Cc: PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: Allow 'sslkey' and 'sslcert' in postgres_fdw user mappings
Date: 2020-01-09 12:48:55
Message-ID: 20200109124855.GD4192@msg.df7cb.de
Lists: pgsql-hackers

Re: To Andrew Dunstan 2020-01-09 <20200109103014(dot)GA4192(at)msg(dot)df7cb(dot)de>
> I believe the options are still used in that case
> for creating connections, even when that means the remote server isn't
> set up for cert auth, which needs password_required=false to succeed.

They are indeed:

stat("/var/lib/postgresql/.postgresql/root.crt", 0x7ffcff3e2bb0) = -1 ENOENT (Datei oder Verzeichnis nicht gefunden)
stat("/foo", 0x7ffcff3e2bb0) = -1 ENOENT (Datei oder Verzeichnis nicht gefunden)
      ^^^^ sslcert

I'm not sure if that could be exploited in any way, but let's just
forbid it.

Christoph
