| From: | Andreas Karlsson <andreas(at)proxel(dot)se> |
|---|---|
| To: | Tony Finch <dot(at)dotat(dot)at>, pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: psql cannot read client SSL private key from a pipe |
| Date: | 2017-12-30 18:30:54 |
| Message-ID: | aa2da38e-3869-cb9b-f917-a6000853306e@proxel.se |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
On 12/21/2017 06:40 PM, Tony Finch wrote:
> PostgreSQL version: 10.1
> OS: Debian Stretch 9.3
>
> I would like to be able to pass my SSL private key to psql via a pipe.
> This is so that I can use the gpg agent to decrypt my key without retyping
> my passphrase each time. (There isn't an agent for OpenSSL's own key
> decryption routines.) For example,
>
> $ psql 'host=db1 port=5432 sslmode=verify-full user=postgres \
> sslcert=postgres.crt sslkey='<(gpg -d postgres.pem.asc)
Hm, this does sound like a useful feature. Not sure if it counts as a
bug though, so the hackers list is probably more suited for this patch.
> I think it would be better to remove the check - with the patch below I
> can log in using the command quoted above.
>
> Alternatively you could only exclude S_ISDIR() and S_ISBLK() - the other
> cases allow getting keys from interesting placesq.
I do not know why this check was added in the first place so I am not
entirely sure what the right behavior should be. Maybe it would be
enough with an S_ISDIR() check.
Andreas
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Devrim Gündüz | 2017-12-30 18:56:19 | Re: BUG #14995: repmgr_funcs lib is missing in rpm |
| Previous Message | PG Bug reporting form | 2017-12-30 14:31:13 | BUG #14995: repmgr_funcs lib is missing in rpm |