New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ssl: look for ~/.postgresql/root.crt #891
base: master
Are you sure you want to change the base?
Conversation
The failing test seems unrelated to this patch.
|
Any chance to get this PR done? |
This project is in maintenance mode (https://github.com/lib/pq#status), but I can merge this patch if it gets rebased to resolve conflicts, and tests are added. |
Sorry, missed that information. In that case, I guess it's not worth it. |
If the sslrootcert option hasn't been specified, use ~/.postgresql/root.crt if it exists (or %APPDATA%\postgresql\root.crt on Windows). This is what libpq does. See - https://www.postgresql.org/docs/11/libpq-connect.html#LIBPQ-CONNECT-SSLROOTCERT - https://www.postgresql.org/docs/current/libpq-ssl.html#LIBQ-SSL-CERTIFICATES
b296a77
to
2f89da5
Compare
I rewrote the patch on top of master and added a test. The patch is now simpler than before and will now also work on Windows. |
I'm currently changing the existing tests and only just now realized that this PR will change the behavior when sslrootcert is absent or empty from using system CAs to failing (unless ~/.postgresql/root.crt exists). I'm not convinced anymore that that is a good idea, even if it matches libpq's behavior (which never considers system CAs as far as I can tell). WDYT? |
TestDefaultRootCert removed because it is a complex test that is redundant with TestSSLVerifyCA* and TestSSLVerifyFull*.
If the sslrootcert option hasn't been specified, use ~/.postgresql/root.crt if it exists.
This is what libpq does.