> [EMAIL PROTECTED] wrote: >> > [EMAIL PROTECTED] writes: >> >> Maybe we need to go even further and add it to the PQconnect API >> >> sslkey=filename and sslcrt=filename in addition to sslmode? >> > >> > If there's a case to be made for this at all, it should be handled >> > the same way as all other libpq connection parameters. >> > >> > regards, tom lane >> > >> >> Here's the use case: >> >> I have an application that must connect to multiple PostgreSQL >> databases and must use secure communications and the SSL keys are >> under the control of the business units the administer the databases, >> not me. In addition my application also communicates with other SSL >> enabled versions of itself. >> >> I think you would agree that a hard coded immutable location for >> "client" interface is problematic. > > I agree fully with the use-case. Most of the other things we allow both > as connection parameters and as environment variables, so we should do > that IMHO. What could be debated is if we should also somehow allow it > to be specified in .pgpass for example? >
I am testing a patch that is currently against the 8.2 series. It implements in PQconnectdb(...) sslmode=require sslkey=client.key sslcert=client.crt ssltrustcrt=certs.pem sslcrl=crl.pem" BTW: the revocation list probably never worked in the client. -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
