Re: encrypted pk8 keys work with libpg connection but not in postgres_fdw

Dave Cramer <davecramer@postgres.rocks>

From: Dave Cramer <davecramer@postgres.rocks>
To: Hunter Payne <huntercpayne@proton.me>
Cc: "pgsql-bugs@lists.postgresql.org" <pgsql-bugs@lists.postgresql.org>
Date: 2024-12-01T14:25:17Z
Lists: pgsql-bugs
Please post this on https://github.com/pgjdbc/pgjdbc/issues
Dave Cramer
www.postgres.rocks


On Wed, 10 Jul 2024 at 11:29, Hunter Payne <huntercpayne@proton.me> wrote:

> Hello,
> I am using mtls ssl encryption with postgres.  It works and even accepts
> an encrypted pk8 file.  I found two things that perhaps will help your team
> out.
>
>
>    1. The pk8 file must use this flag on the openssl pkcs8 command to
>    generate the pk8 file -v1 pbeWithSHA1And3-KeyTripleDES-CBC and the
>    PgJDBC docs are wrong about this and state to use -v1 PBE-MD5-DES
>    which doesn't work.  I think the docs just weren't updated when the
>    encryption was updated at some point in the past.
>    2. When I use postgres_fdw to make the same JDBC connection it only
>    works if I use an unencrypted pk8 file to hold the sslkey.
>
>
> I am using postgres in the alpine docker container (16.3-alpine3.20).
> Please let me know if and when this changes and I can use encrypted pk8
> files to hold keys in postgres_fdw too.
>
> Thank you,
> Hunter
>
>