| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: Allow root-owned SSL private keys in libpq, not only the backend |
| Date: | 2022-02-28 19:12:58 |
| Message-ID: | E1nOlS5-000KML-Ax@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Allow root-owned SSL private keys in libpq, not only the backend.
This change makes libpq apply the same private-key-file ownership
and permissions checks that we have used in the backend since commit
9a83564c5. Namely, that the private key can be owned by either the
current user or root (with different file permissions allowed in the
two cases). This allows system-wide management of key files, which
is just as sensible on the client side as the server, particularly
when the client is itself some application daemon.
Sync the comments about this between libpq and the backend, too.
David Steele
Discussion: https://postgr.es/m/f4b7bc55-97ac-9e69-7398-335e212f7743@pgmasters.net
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/a59c79564bdc209a5bc7b02d706f0d7352eb82fa
Modified Files
--------------
src/backend/libpq/be-secure-common.c | 28 +++++++++++-----------
src/interfaces/libpq/fe-secure-openssl.c | 40 +++++++++++++++++++++++++++++---
2 files changed, 50 insertions(+), 18 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2022-02-28 20:37:02 | pgsql: Handle integer overflow in interval justification functions. |
| Previous Message | Tom Lane | 2022-02-28 17:54:18 | pgsql: Don't use static storage for SaveTransactionCharacteristics(). |