[HACKERS] SSL and USER_CERT_FILE

Mark Woodward Thu, 15 May 2008 06:29:29 -0700

I am using PostgreSQL's SSL support and the conventions for the key and
certifications don't make sense from the client perspective. Especially
under Windows.


I am proposing a few simple changes:

Adding two API
void PQsetSSLUserCertFileName(char *filename)
{
    user_crt_filename = strdup(filename);
}
PQsetSSLUserKeyFileName(char *filename)
{
    user_key_filename = strdup(filename);
}

Adding two static vars in fe-secure.c

char *user_key_filename=NULL;
char *user_crt_filename=NULL;

In client_cert_cb(...)

Add:
if(user_crt_filename)
    strncpy(fnbuf, sizeof(fnbuf), user_crt_filename);
else
    snprintf(fnbuf, sizeof(fnbuf), "%s/%s", homedir, USER_CERT_FILE);

and:

if(user_key_filename)
    strncpy(fnbuf, sizeof(fnbuf), user_key_filename);
else
    snprintf(fnbuf, sizeof(fnbuf), "%s/%s", homedir, USER_KEY_FILE);


The purpose of these changes is to make it easier to configure SSL in an
application which uses libpq.

Any comments?

-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

[HACKERS] SSL and USER_CERT_FILE

Reply via email to