Home > mailing lists

SSL and USER_CERT_FILE - Mailing list pgsql-hackers

From	Mark Woodward
Subject	SSL and USER_CERT_FILE
Date	May 15, 2008 13:28:56
Msg-id	47057.24.60.196.157.1210855652.squirrel@mail.mohawksoft.com Whole thread Raw
Responses	Re: SSL and USER_CERT_FILE (Andrew Dunstan <andrew@dunslane.net>)
List	pgsql-hackers

Tree view

I am using PostgreSQL's SSL support and the conventions for the key and
certifications don't make sense from the client perspective. Especially
under Windows.

I am proposing a few simple changes:

Adding two API
void PQsetSSLUserCertFileName(char *filename)
{   user_crt_filename = strdup(filename);
}
PQsetSSLUserKeyFileName(char *filename)
{   user_key_filename = strdup(filename);
}

Adding two static vars in fe-secure.c

char *user_key_filename=NULL;
char *user_crt_filename=NULL;

In client_cert_cb(...)

Add:
if(user_crt_filename)   strncpy(fnbuf, sizeof(fnbuf), user_crt_filename);
else   snprintf(fnbuf, sizeof(fnbuf), "%s/%s", homedir, USER_CERT_FILE);

and:

if(user_key_filename)   strncpy(fnbuf, sizeof(fnbuf), user_key_filename);
else   snprintf(fnbuf, sizeof(fnbuf), "%s/%s", homedir, USER_KEY_FILE);


The purpose of these changes is to make it easier to configure SSL in an
application which uses libpq.

Any comments?

pgsql-hackers by date:

From: Nikhils
Date: 15 May 2008, 09:29:31
Subject: Re: Can't t compile current HEAD

From: Andrew Dunstan
Date: 15 May 2008, 13:53:36
Subject: Re: SSL and USER_CERT_FILE

SSL and USER_CERT_FILE - Mailing list pgsql-hackers

Previous

Next