pg_ssl - Mailing list pgsql-hackers

From Steve
Subject pg_ssl
Date
Msg-id 1e031be5-2973-daf6-c207-9a2f8b7f6eca@osfda.org
Whole thread Raw
Responses Re: pg_ssl
Re: pg_ssl
pg_ssl_init
List pgsql-hackers

As you might know, generating SSL certificates for postgres (to be used by pgadmin, for example...) can be quite a bear; especially if you need more than one, since they are based on the username of the postgres user.

I have made two command-line utilities written in python 3.6 to do just that (I, as a number of other developers do, appreciate python for its ease of code inspection...); one is called pg_ssl_server, and the other is called pg_ssl_client. Packaged together, they are referred to by the name "pg_ssl". They are issued under the postgres license.

They have been tested out on Ubuntu 18 and python 3.6.7 with postgres 11. They were designed to be cross-platform, but they have not been tested yet on Windows, OSx, BSD, or distros other than Ubuntu. [My immediate concern is with their ability to run cross-platform; as for downlevel versions of postgres or python, that is not a priority right now. The "subprocess" module in python used by the utilities has inconsistencies working cross-platform in older versions of python; _for now_, people should just upgrade if they really need to use them...]

If anyone would be interested in testing these and sending back a notice as to what problems were encountered on their platform, it would be much appreciated. The availability of these utilities will remove a rather rough spot from the administration of postgres. To keep noise on this mail thread to a minimum, please report any problems encountered directly to my address.

Also, if anyone is a security fanatic and facile with python, a code review would not be a bad idea (the two utilities check in at ~1,500 lines; but since it's python, it's an easy read...)

The latest version of the utility can be retrieved here: https://osfda.org/downloads/pg_ssl.zip

You can also use the Contact Form at osfda.org to report issues.


pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: generate documentation keywords table automatically
Next
From: David Fetter
Date:
Subject: Re: [PATCH v1] Add \echo_stderr to psql