From: | Dave Cramer <davecramer(at)postgres(dot)rocks> |
---|---|
To: | harinath kanchu <kanchuharinath(at)gmail(dot)com> |
Cc: | pgsql-jdbc(at)lists(dot)postgresql(dot)org |
Subject: | Re: Patch for supporting PEM based certs and keys |
Date: | 2025-07-01 18:49:37 |
Message-ID: | CADK3HHL0iyWCCpq2R6N1-JGyjczjtJmk9krFU=5gtTfT8GEaMA@mail.gmail.com |
Lists: | pgsql-jdbc |
As you have surmised, we do not accept patches in this form.
Dave Cramer
www.postgres.rocks
On Fri, 27 Jun 2025 at 13:14, harinath kanchu <kanchuharinath(at)gmail(dot)com>
wrote:
> Hello Pgjdbc community,
>
> I found that PGJDBC currently lacks support for PEM based certs and keys.
>
> We have a use case where PEM files are auto renewed on disk and
> converting them to DER format requires running something that watches
> files on disk and auto-converts to DER.
>
> Hence I would like to propose a patch for supporting PEM based certs, keys.
>
> This is the approach for adding the support,
>
> - Introduce a new PEMKeyManager which implements X509KeyManager.
> - PEMKeyManager will have the logic for extracting the BASE64 encoded
> DER bytes to convert into private key using key algorithm specified by
> property PGProperty.PEM_KEY_ALGORITHM.
> - PEMKeyManager will read the PEM based cert chain using
> CertificateFactory to get the X509Certificate chain.
> - Now LibPQFactory can initialize PEMKeyManager if the SSL Keyfile
> ends with .key or .pem
>
> I am attaching a patch file which also contains new test cases for PEM
> based certs, keys. Please take a look.
>
> Thanks.
>
> Regards,
> Harinath
>
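The PEM handling outlined in the quoted proposal, as an added example that is neither the attached patch nor pgjdbc code: the class `PemMaterial` and its method names are hypothetical, the key file is assumed to be unencrypted PKCS#8 ("BEGIN PRIVATE KEY"), and the key algorithm is passed in as a parameter where the proposal reads it from a property.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.*;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import java.util.regex.*;

// Hypothetical helper, not pgjdbc code: loads PEM material for an X509KeyManager.
public final class PemMaterial {
  // Accepts unencrypted PKCS#8 only. "BEGIN RSA PRIVATE KEY" (PKCS#1), "BEGIN EC
  // PRIVATE KEY" and "BEGIN ENCRYPTED PRIVATE KEY" are rejected, not guessed at.
  private static final Pattern PKCS8 = Pattern.compile(
      "-----BEGIN PRIVATE KEY-----(.*?)-----END PRIVATE KEY-----", Pattern.DOTALL);

  // keyAlgorithm ("RSA", "EC", ...) must match the key stored in the file.
  public static PrivateKey readPrivateKey(Path pemFile, String keyAlgorithm)
      throws java.io.IOException, GeneralSecurityException {
    String pem = new String(Files.readAllBytes(pemFile), StandardCharsets.US_ASCII);
    Matcher m = PKCS8.matcher(pem);
    if (!m.find()) throw new KeyException("no unencrypted PKCS#8 block in " + pemFile);
    // The MIME decoder skips the line breaks inside the PEM body.
    byte[] der = Base64.getMimeDecoder().decode(m.group(1));
    return KeyFactory.getInstance(keyAlgorithm).generatePrivate(new PKCS8EncodedKeySpec(der));
  }

  // Returns the certificates in file order (client certificate first).
  public static X509Certificate[] readCertificateChain(Path pemFile)
      throws java.io.IOException, GeneralSecurityException {
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    return cf.generateCertificates(new ByteArrayInputStream(Files.readAllBytes(pemFile)))
        .toArray(new X509Certificate[0]);
  }

  // Round trip on a key generated here (constructed input, no real key material).
  public static void main(String[] args) throws Exception {
    KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
    gen.initialize(256);
    PrivateKey key = gen.generateKeyPair().getPrivate();
    String body = Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(key.getEncoded());
    Path f = Files.createTempFile("client", ".pem");
    Files.write(f, ("-----BEGIN PRIVATE KEY-----\n" + body + "\n-----END PRIVATE KEY-----\n")
        .getBytes(StandardCharsets.US_ASCII));
    System.out.println("same key: " + key.equals(readPrivateKey(f, "EC")));
    Files.delete(f);
  }
}
```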