Re: encrypted pk8 keys work with libpg connection but not in postgres_fdw
Dave Cramer <davecramer@postgres.rocks>
From: Dave Cramer <davecramer@postgres.rocks>
To: Hunter Payne <huntercpayne@proton.me>
Cc: "pgsql-bugs@lists.postgresql.org" <pgsql-bugs@lists.postgresql.org>
Date: 2024-12-01T14:25:17Z
Lists: pgsql-bugs
Please post this on https://github.com/pgjdbc/pgjdbc/issues

Dave Cramer
www.postgres.rocks

On Wed, 10 Jul 2024 at 11:29, Hunter Payne <huntercpayne@proton.me> wrote:

> Hello,
> I am using mTLS SSL encryption with postgres. It works and even accepts
> an encrypted pk8 file. I found two things that perhaps will help your team
> out.
>
> 1. The pk8 file must use this flag on the openssl pkcs8 command to
>    generate the pk8 file -v1 pbeWithSHA1And3-KeyTripleDES-CBC and the
>    PgJDBC docs are wrong about this and state to use -v1 PBE-MD5-DES
>    which doesn't work. I think the docs just weren't updated when the
>    encryption was updated at some point in the past.
> 2. When I use postgres_fdw to make the same JDBC connection it only
>    works if I use an unencrypted pk8 file to hold the sslkey.
>
> I am using postgres in the alpine docker container (16.3-alpine3.20).
> Please let me know if and when this changes and I can use encrypted pk8
> files to hold keys in postgres_fdw too.
>
> Thank you,
> Hunter
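
Added example, not part of either message: a shell sketch that writes an encrypted DER pk8 file with the -v1 value named in the report, then reads back which encryption scheme the file records and checks that the passphrase opens it. The file names, the passphrase and the throwaway RSA key are constructed for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Paths and passphrase are constructed.

# make_pk8 DIR PASS: create DIR/key.pem and the encrypted DER file DIR/key.pk8
make_pk8() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/key.pem" 2>/dev/null || return 1
    openssl pkcs8 -topk8 -inform PEM -outform DER \
        -in "$1/key.pem" -out "$1/key.pk8" \
        -v1 pbeWithSHA1And3-KeyTripleDES-CBC -passout "pass:$2"
}

# pk8_pbe_alg FILE: print the first algorithm name in FILE's ASN.1 header.
# For an encrypted pk8 this is the PBE scheme; for an unencrypted one it is
# the key algorithm (for example rsaEncryption), so it also shows which
# kind of file is being handed to the client.
pk8_pbe_alg() {
    openssl asn1parse -inform DER -in "$1" |
        awk -F: '/prim: OBJECT/ { print $NF; exit }'
}

# pk8_opens FILE PASS: succeed only if PASS decrypts FILE
pk8_opens() {
    openssl pkcs8 -inform DER -in "$1" -passin "pass:$2" \
        -out /dev/null 2>/dev/null
}

demo_dir=$(mktemp -d)
make_pk8 "$demo_dir" 'constructed-passphrase'
echo "scheme: $(pk8_pbe_alg "$demo_dir/key.pk8")"
pk8_opens "$demo_dir/key.pk8" 'constructed-passphrase' && echo "decrypts: yes"
rm -rf "$demo_dir"
```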