Re: Allow root ownership of client certificate key
Stephen Frost <sfrost@snowman.net>
From: Stephen Frost <sfrost@snowman.net>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: David Steele <david@pgmasters.net>, PostgreSQL Developers <pgsql-hackers@lists.postgresql.org>
Date: 2022-03-01T00:31:53Z
Lists: pgsql-hackers
Greetings, * Tom Lane (tgl@sss.pgh.pa.us) wrote: > David Steele <david@pgmasters.net> writes: > > Any thoughts on back-patching at least the client portion of this? > > Probably hard to argue that it's a bug, but it is certainly painful. > > I'd be more eager to do that if we had some field complaints > about it. Since we don't, my inclination is not to, but I'm > only -0.1 or so; anybody else want to vote? This patch was specifically developed in response to field complaints about it working differently, so there's that. Currently it's being worked around in the container environments by copying the key from the secret that's provided to a temporary space where we can modify the privileges, but that's pretty terrible. Would be great to be able to get rid of that in favor of being able to use it directly. Thanks, Stephen
Commits
-
Allow root-owned SSL private keys in libpq, not only the backend.
- 9050999efea7 10.21 landed
- 72918ea86cb9 12.11 landed
- 6599d8f12642 13.7 landed
- 5bb3d91ea926 11.16 landed
- 2a1f84636dc3 14.3 landed
- a59c79564bdc 15.0 landed
-
Doc: update libpq.sgml for root-owned SSL private keys.
- 50f03473ed81 15.0 landed