Home > mailing lists

Re: Allow 'sslkey' and 'sslcert' in postgres_fdw user mappings - Mailing list pgsql-hackers

From	Christoph Berg
Subject	Re: Allow 'sslkey' and 'sslcert' in postgres_fdw user mappings
Date	January 9, 2020 15:48:55
Msg-id	20200109124855.GD4192@msg.df7cb.de Whole thread Raw
In response to	Re: Allow 'sslkey' and 'sslcert' in postgres_fdw user mappings (Christoph Berg <myon@debian.org>)
List	pgsql-hackers

Tree view

Re: To Andrew Dunstan 2020-01-09 <20200109103014.GA4192@msg.df7cb.de>
> I believe the options are still used in that case
> for creating connections, even when that means the remote server isn't
> set up for cert auth, which needs password_required=false to succeed.

They are indeed:

stat("/var/lib/postgresql/.postgresql/root.crt", 0x7ffcff3e2bb0) = -1 ENOENT (Datei oder Verzeichnis nicht gefunden)
stat("/foo", 0x7ffcff3e2bb0)            = -1 ENOENT (Datei oder Verzeichnis nicht gefunden)
      ^^^^ sslcert

I'm not sure if that could be exploited in any way, but let's just
forbid it.

Christoph

pgsql-hackers by date:

From: MBeena Emerson
Date: 09 January 2020, 15:12:19
Subject: Re: Error message inconsistency

From: Julien Rouhaud
Date: 09 January 2020, 16:34:10
Subject: Re: Add pg_file_sync() to adminpack

Re: Allow 'sslkey' and 'sslcert' in postgres_fdw user mappings - Mailing list pgsql-hackers

Previous

Next