
Conversation

@eirslett
Contributor

Presently, pq only supports SSL connections by
loading PEM certificates from files on disk.
There are some situations (for example integration
with HashiCorp Vault) where it's not so feasible
to load certificates from a file system, but better
to store them in-memory.

This patch lets you set ?sslinline=true in the
connection string, which changes the behavior of
the parameters sslrootcert, sslcert and sslkey, so
they contain the contents of the certificates
directly, instead of file names pointing to the
certificates on disk.

What do you think about a change like this?
My specific use case is adding SSL support to Vault's integration with PostgreSQL - today it can only communicate over a plaintext socket. However, Vault doesn't store secrets/certificates directly on disk, but rather on an encrypted, distributed, pluggable backend system, which is the reason for this feature request: Vault can read the certificates from wherever they are stored, and pass them into pq via the connection string.

accrue := func(k, v string) {
if v != "" {
kvs = append(kvs, k+"="+escaper.Replace(v))
kvs = append(kvs, k+"='"+escaper.Replace(v)+"'")
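Review bot: the quoted form in the added `kvs = append(kvs, k+"='"+escaper.Replace(v)+"'")` line is only correct if `escaper` escapes both `\` and `'`, because inside a single-quoted libpq value a backslash is an escape character and an unescaped single quote terminates the value; the definition of `escaper` is not in this hunk, so please confirm it covers both replacements and add a test whose value contains a newline, a single quote and a backslash. Also worth noting in the commit message: this quoting now applies to every value `accrue` emits, not only the ssl* parameters, and the unchanged `if v != ""` guard still drops empty values rather than emitting `k=''`.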
Contributor Author

This change was made because PEM certificates include newlines, equal signs and various stuff that is tricky to escape - but by adding single quotes, we can work around the problem.
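The mechanism the PR description and the comment above describe can be exercised end to end. The Go program below is an added example written for this page, not lib/pq's own code: it builds a key=value connection string that carries a PEM root certificate in-line, parses it back with a small libpq-style parser written for the example (the real driver has its own), and then does what a driver honouring `sslinline=true` has to do, treat `sslrootcert` as PEM text and fail closed when the flag is absent, since otherwise the PEM text would be opened as a file path. The function names, the host and database names, and the PEM block (whose payload is arbitrary constructed bytes, not a real certificate) are all assumptions of this example; the quoting rules it relies on (single quotes around any value containing whitespace, with `\` and `'` escaped by a backslash) are libpq's documented connection-string syntax.

```go
package main

import (
	"encoding/pem"
	"errors"
	"fmt"
	"strings"
	"unicode"
)

// Constructed sample: a PEM block whose payload is arbitrary bytes, not a real certificate.
const sampleRootCert = "-----BEGIN CERTIFICATE-----\nQ29uc3RydWN0ZWQgdGVzdCBkYXRh\n-----END CERTIFICATE-----\n"

// quoteValue wraps v in single quotes, the libpq key=value syntax for values with
// whitespace; inside the quotes backslash and single quote are escaped with a backslash.
func quoteValue(v string) string {
	return "'" + strings.NewReplacer(`\`, `\\`, `'`, `\'`).Replace(v) + "'"
}

// buildInlineConnString assembles the key=value form with the CA PEM carried in-line.
func buildInlineConnString(host, dbname, rootCertPEM string) string {
	return strings.Join([]string{
		"host=" + quoteValue(host),
		"dbname=" + quoteValue(dbname),
		"sslmode=verify-full",
		"sslinline=true",
		"sslrootcert=" + quoteValue(rootCertPEM),
	}, " ")
}

// parseConnString is a minimal libpq-style parser for the key=value form: a bare value
// ends at whitespace, a quoted value at an unescaped quote, and backslash escapes the next rune.
func parseConnString(s string) (map[string]string, error) {
	opts, rs, i := map[string]string{}, []rune(strings.TrimSpace(s)), 0
	for i < len(rs) {
		for unicode.IsSpace(rs[i]) {
			i++
		}
		start := i
		for i < len(rs) && rs[i] != '=' && !unicode.IsSpace(rs[i]) {
			i++
		}
		if i == len(rs) || rs[i] != '=' {
			return nil, errors.New("missing '=' after " + string(rs[start:i]))
		}
		key := string(rs[start:i])
		i++ // step over '='
		quoted := i < len(rs) && rs[i] == '\''
		if quoted {
			i++
		}
		var val []rune
		for ; i < len(rs); i++ {
			c := rs[i]
			if quoted && c == '\'' || !quoted && unicode.IsSpace(c) {
				break
			}
			if c == '\\' && i+1 < len(rs) { // escaped rune: keep the next one literally
				i++
				c = rs[i]
			}
			val = append(val, c)
		}
		if quoted {
			if i == len(rs) {
				return nil, errors.New("unterminated quoted value for " + key)
			}
			i++ // step over the closing quote
		}
		opts[key] = string(val)
	}
	return opts, nil
}

// inlineRootCert does what a driver honouring sslinline=true must do: parse the DSN, then
// treat sslrootcert as PEM text rather than a file name, failing closed when the flag is unset.
func inlineRootCert(dsn string) ([]byte, error) {
	opts, err := parseConnString(dsn)
	if err != nil {
		return nil, err
	}
	if opts["sslinline"] != "true" {
		return nil, errors.New("sslinline is not true: sslrootcert would be opened as a file path")
	}
	block, _ := pem.Decode([]byte(opts["sslrootcert"]))
	if block == nil || block.Type != "CERTIFICATE" {
		return nil, errors.New("sslrootcert does not hold a PEM CERTIFICATE block")
	}
	return block.Bytes, nil
}

func main() {
	der, err := inlineRootCert(buildInlineConnString("db.example.internal", "app's db", sampleRootCert))
	if err != nil {
		panic(err)
	}
	fmt.Printf("inline root certificate accepted, %d DER bytes\n", len(der))
}
```

Run it with `go run`; the same quoting serves `sslcert` and `sslkey`. A PEM value that arrives via a URL query string is percent-encoded in transit and needs this quoting again when it is rewritten into key=value form, which is what the quoted `kvs` line in the diff above does; a bare value would end at the PEM's first newline and the parse would fail. One caveat for practitioners: with sslinline the connection string now contains a private key, so anything that logs, echoes or exposes the DSN (error messages, debug output, a command line visible in the process list) leaks it, and the DSN has to be handled as a secret in its own right.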

@eirslett
Contributor Author

I'm not sure why the Travis build fails... looks like a flaky test, maybe? Could somebody please trigger a new build?

@umran

umran commented Jan 3, 2020

I have the exact same use case, which is what led me to this PR and the PR you submitted to Vault: hashicorp/vault#5963. I really hope this gets reviewed at some point.

@binlab

binlab commented Feb 11, 2021

@mjibson could you please look at this PR? Would be nice to have the possibility to use inline certificates. Hope for your help, thanks!

@madelynnblue
Collaborator

Can you or someone rebase this on master so the tests re-run? Open a new PR and mention me if needed.

@eirslett
Contributor Author

2 years already... time flies! I rebased it on top of master now. 🤞

@madelynnblue madelynnblue merged commit 072e83d into lib:master Feb 12, 2021
@eirslett eirslett deleted the feature/ssl-inline branch February 14, 2021 16:37
@binlab

binlab commented Feb 15, 2021

@mjibson @eirslett thanks for making it possible!

4 participants