Re: Allow root ownership of client certificate key

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Chris Bandy <bandy.chris@gmail.com>
Cc: David Steele <david@pgmasters.net>, Stephen Frost <sfrost@snowman.net>, PostgreSQL Developers <pgsql-hackers@lists.postgresql.org>
Date: 2022-03-02T14:40:10Z
Lists: pgsql-hackers
Chris Bandy <bandy.chris@gmail.com> writes:
> On 3/1/22 3:15 AM, Tom Lane wrote:
>> Anyway, I'd be happier about back-patching if we could document
>> actual requests to make it work like the server side does.

> PGO runs PostgreSQL 10 through 14 in Kubernetes, and we have to work
> around this issue when using certificates for system accounts.

Sold then, I'll make it so in a bit.

			regards, tom lane



Commits

  1. Allow root-owned SSL private keys in libpq, not only the backend.

  2. Doc: update libpq.sgml for root-owned SSL private keys.