Re: Allow root ownership of client certificate key

David Steele <david@pgmasters.net>

From: David Steele <david@pgmasters.net>
To: Tom Lane <tgl@sss.pgh.pa.us>, Chris Bandy <bandy.chris@gmail.com>
Cc: Stephen Frost <sfrost@snowman.net>, PostgreSQL Developers <pgsql-hackers@lists.postgresql.org>
Date: 2022-03-02T17:17:34Z
Lists: pgsql-hackers
On 3/2/22 08:40, Tom Lane wrote:
> Chris Bandy <bandy.chris@gmail.com> writes:
>> On 3/1/22 3:15 AM, Tom Lane wrote:
>>> Anyway, I'd be happier about back-patching if we could document
>>> actual requests to make it work like the server side does.
> 
>> PGO runs PostgreSQL 10 through 14 in Kubernetes, and we have to work
>> around this issue when using certificates for system accounts.
> 
> Sold then, I'll make it so in a bit.

Thank you! I think the containers community is really going to 
appreciate this.

Regards,
-David



Commits

  1. Allow root-owned SSL private keys in libpq, not only the backend.

  2. Doc: update libpq.sgml for root-owned SSL private keys.