| From: | Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | Re: pgsql: Allow root-owned SSL private keys in libpq, not only the backend |
| Date: | 2022-03-31 07:34:24 |
| Message-ID: | 7f85ef6d-250b-f5ec-9867-89f0b16d019f@enterprisedb.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
On 02.03.22 17:57, Tom Lane wrote:
> Allow root-owned SSL private keys in libpq, not only the backend.
>
> This change makes libpq apply the same private-key-file ownership
> and permissions checks that we have used in the backend since commit
> 9a83564c5. Namely, that the private key can be owned by either the
> current user or root (with different file permissions allowed in the
> two cases). This allows system-wide management of key files, which
> is just as sensible on the client side as the server, particularly
> when the client is itself some application daemon.
>
> Sync the comments about this between libpq and the backend, too.
>
> Back-patch of a59c79564 and 50f03473e into all supported branches.
I think this
libpq_gettext("private key file \"%s\" is not a regular file"),
should have a trailing newline in the string.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2022-03-31 07:43:47 | Re: pgsql: Add 'basebackup_to_shell' contrib module. |
| Previous Message | Andres Freund | 2022-03-31 05:25:00 | Re: pgsql: Add 'basebackup_to_shell' contrib module. |