Home > mailing lists

Re: pgsql: Allow root-owned SSL private keys in libpq, not only the backend - Mailing list pgsql-committers

From	Peter Eisentraut
Subject	Re: pgsql: Allow root-owned SSL private keys in libpq, not only the backend
Date	March 31, 2022 10:34:24
Msg-id	7f85ef6d-250b-f5ec-9867-89f0b16d019f@enterprisedb.com Whole thread Raw
In response to	pgsql: Allow root-owned SSL private keys in libpq, not only the backend (Tom Lane <tgl@sss.pgh.pa.us>)
Responses	Re: pgsql: Allow root-owned SSL private keys in libpq, not only the backend (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-committers

Tree view

On 02.03.22 17:57, Tom Lane wrote:
> Allow root-owned SSL private keys in libpq, not only the backend.
> 
> This change makes libpq apply the same private-key-file ownership
> and permissions checks that we have used in the backend since commit
> 9a83564c5.  Namely, that the private key can be owned by either the
> current user or root (with different file permissions allowed in the
> two cases).  This allows system-wide management of key files, which
> is just as sensible on the client side as the server, particularly
> when the client is itself some application daemon.
> 
> Sync the comments about this between libpq and the backend, too.
> 
> Back-patch of a59c79564 and 50f03473e into all supported branches.

I think this

     libpq_gettext("private key file \"%s\" is not a regular file"),

should have a trailing newline in the string.

pgsql-committers by date:

From: Amit Kapila
Date: 31 March 2022, 06:09:22
Subject: pgsql: Raise a WARNING for missing publications.

From: Daniel Gustafsson
Date: 31 March 2022, 12:26:04
Subject: pgsql: Add diagnostic output on error in pump_until

Re: pgsql: Allow root-owned SSL private keys in libpq, not only the backend - Mailing list pgsql-committers

Previous

Next