Re: encrypted pk8 keys work with libpg connection but not in postgres_fdw

From: Dave Cramer <davecramer(at)postgres(dot)rocks>
To: Hunter Payne <huntercpayne(at)proton(dot)me>
Cc: "pgsql-bugs(at)lists(dot)postgresql(dot)org" <pgsql-bugs(at)lists(dot)postgresql(dot)org>
Subject: Re: encrypted pk8 keys work with libpg connection but not in postgres_fdw
Date: 2024-12-01 14:25:17
Message-ID: CADK3HHKzR6HdK-89TSR5huAwPDFoyWmgcaL5YdE+PmcyoujSKw@mail.gmail.com
Lists: pgsql-bugs

Please post this on https://github.com/pgjdbc/pgjdbc/issues
Dave Cramer
www.postgres.rocks

On Wed, 10 Jul 2024 at 11:29, Hunter Payne <huntercpayne(at)proton(dot)me> wrote:

> Hello,
> I am using mtls ssl encryption with postgres. It works and even accepts
> an encrypted pk8 file. I found two things that perhaps will help your team
> out.
>
>
> 1. The pk8 file must use this flag on the openssl pkcs8 command to
> generate the pk8 file -v1 pbeWithSHA1And3-KeyTripleDES-CBC and the
> PgJDBC docs are wrong about this and state to use -v1 PBE-MD5-DES
> which doesn't work. I think the docs just weren't updated when the
> encryption was updated at some point in the past.
> 2. When I use postgres_fdw to make the same JDBC connection it only
> works if I use an unencrypted pk8 file to hold the sslkey.
>
>
> I am using postgres in the alpine docker container (16.3-alpine3.20).
> Please let me know if and when this changes and I can use encrypted pk8
> files to hold keys in postgres_fdw too.
>
> Thank you,
> Hunter
>
>
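
Added example, not part of either message and not PgJDBC or PostgreSQL code: a small Python check that reads the header of a DER-encoded .pk8 file and reports whether it is unencrypted or which PBE scheme it declares, covering the two schemes named in the report above. The function names and the sample bytes are constructed for illustration.

```python
# Added example: the sample blobs built below are constructed, not real keys.
PBE_NAMES = {
    "1.2.840.113549.1.5.3": "pbeWithMD5AndDES-CBC",
    "1.2.840.113549.1.12.1.3": "pbeWithSHA1And3-KeyTripleDES-CBC",
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    length = first
    if first & 0x80:                      # long form: next n bytes hold the length
        n = first & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def decode_oid(body):                     # first sub-identifier assumed single-byte
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def pk8_scheme(der):
    """Name the PBE scheme a DER PKCS#8 blob declares, or 'unencrypted'."""
    tag, start, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE (decode PEM input first)")
    inner, istart, _ = read_tlv(der, start)
    if inner == 0x02:                     # PrivateKeyInfo begins with INTEGER version
        return "unencrypted"
    oid_tag, ostart, oend = read_tlv(der, istart) if inner == 0x30 else (0, 0, 0)
    if oid_tag != 0x06:
        raise ValueError("not a PKCS#8 structure")
    return PBE_NAMES.get(decode_oid(der[ostart:oend]), decode_oid(der[ostart:oend]))

def tlv(tag, body):                       # sample builder, short-form lengths only
    return bytes([tag, len(body)]) + body

def sample_pk8(oid_hex):                  # constructed EncryptedPrivateKeyInfo skeleton
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + tlv(0x30, b""))
    return tlv(0x30, alg + tlv(0x04, bytes(16)))
```

For a real file, pass the bytes read from the .pk8 in binary mode; a scheme the table does not name is returned as its dotted OID.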
