libq support for sslpassword connection param, DER format keys

Enterprise / PostgreSQL - Andrew Dunstan [dunslane.net] - 30 November 2019 20:27 EST

This patch providies for support for password protected SSL client keys in libpq, and for DER format keys, both encrypted and unencrypted. There is a new connection parameter sslpassword, which is supplied to the OpenSSL libraries via a callback function. The callback function can also be set by an application by calling PQgetSSLKeyPassHook(). There is also a function to retreive the connection setting, PQsslpassword().

Craig Ringer and Andrew Dunstan

Reviewed by: Greg Nancarrow

Discussion: https://postgr.es/m/f7ee88ed-95c4-95c1-d4bf-7b415363ab62@2ndQuadrant.com

4dc6355210 libq support for sslpassword connection param, DER format keys
contrib/dblink/expected/dblink.out | 2 +-
doc/src/sgml/libpq.sgml | 134 ++++++++++++++++++++++++++++++
doc/src/sgml/postgres-fdw.sgml | 2 +-
src/interfaces/libpq/exports.txt | 4 +
src/interfaces/libpq/fe-connect.c | 14 ++++
src/interfaces/libpq/fe-secure-openssl.c | 99 +++++++++++++++++++++-
src/interfaces/libpq/libpq-fe.h | 9 ++
src/interfaces/libpq/libpq-int.h | 2 +
src/test/ssl/Makefile | 22 ++++-
src/test/ssl/ssl/client-der.key | Bin 0 -> 1191 bytes
src/test/ssl/ssl/client-encrypted-der.key | Bin 0 -> 1191 bytes
src/test/ssl/ssl/client-encrypted-pem.key | 30 +++++++
src/test/ssl/t/001_ssltests.pl | 75 +++++++++++++++--
13 files changed, 376 insertions(+), 17 deletions(-)

Upstream: git.postgresql.org


  • Share