I am using PostgreSQL's SSL support and the conventions for the key and
certifications don't make sense from the client perspective. Especially
under Windows.
I am proposing a few simple changes:
Adding two API
void PQsetSSLUserCertFileName(char *filename)
{ user_crt_filename = strdup(filename);
}
PQsetSSLUserKeyFileName(char *filename)
{ user_key_filename = strdup(filename);
}
Adding two static vars in fe-secure.c
char *user_key_filename=NULL;
char *user_crt_filename=NULL;
In client_cert_cb(...)
Add:
if(user_crt_filename) strncpy(fnbuf, sizeof(fnbuf), user_crt_filename);
else snprintf(fnbuf, sizeof(fnbuf), "%s/%s", homedir, USER_CERT_FILE);
and:
if(user_key_filename) strncpy(fnbuf, sizeof(fnbuf), user_key_filename);
else snprintf(fnbuf, sizeof(fnbuf), "%s/%s", homedir, USER_KEY_FILE);
The purpose of these changes is to make it easier to configure SSL in an
application which uses libpq.
Any comments?