diff options
| author | Tom Lane | 2022-03-02 16:57:02 +0000 |
|---|---|---|
| committer | Tom Lane | 2022-03-02 16:57:02 +0000 |
| commit | 5bb3d91ea9269dfe8a7f429fe68e1148384f1cbf (patch) | |
| tree | 441e77d00959bf382e56f95060c3c2024e90ca1c /doc/src | |
| parent | 31befa6be620122afd95c6a64bc313efe6e1ceea (diff) | |
Allow root-owned SSL private keys in libpq, not only the backend.
This change makes libpq apply the same private-key-file ownership
and permissions checks that we have used in the backend since commit
9a83564c5. Namely, that the private key can be owned by either the
current user or root (with different file permissions allowed in the
two cases). This allows system-wide management of key files, which
is just as sensible on the client side as the server, particularly
when the client is itself some application daemon.
Sync the comments about this between libpq and the backend, too.
Back-patch of a59c79564 and 50f03473e into all supported branches.
David Steele
Discussion: https://postgr.es/m/f4b7bc55-97ac-9e69-7398-335e212f7743@pgmasters.net
Diffstat (limited to 'doc/src')
| -rw-r--r-- | doc/src/sgml/libpq.sgml | 26 |
1 files changed, 19 insertions, 7 deletions
diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml index 1b76ef2db73..e452773df39 100644 --- a/doc/src/sgml/libpq.sgml +++ b/doc/src/sgml/libpq.sgml @@ -7837,24 +7837,36 @@ ldap://ldap.acme.com/cn=dbserver,cn=hosts?pgconnectinfo?base?(objectclass=*) <para> If the server attempts to verify the identity of the client by requesting the client's leaf certificate, - <application>libpq</application> will send the certificates stored in + <application>libpq</application> will send the certificate(s) stored in file <filename>~/.postgresql/postgresql.crt</filename> in the user's home directory. The certificates must chain to the root certificate trusted by the server. A matching private key file <filename>~/.postgresql/postgresql.key</filename> must also - be present. The private - key file must not allow any access to world or group; achieve this by the - command <command>chmod 0600 ~/.postgresql/postgresql.key</command>. + be present. On Microsoft Windows these files are named <filename>%APPDATA%\postgresql\postgresql.crt</filename> and - <filename>%APPDATA%\postgresql\postgresql.key</filename>, and there - is no special permissions check since the directory is presumed secure. + <filename>%APPDATA%\postgresql\postgresql.key</filename>. The location of the certificate and key files can be overridden by the - connection parameters <literal>sslcert</literal> and <literal>sslkey</literal> or the + connection parameters <literal>sslcert</literal> + and <literal>sslkey</literal>, or by the environment variables <envar>PGSSLCERT</envar> and <envar>PGSSLKEY</envar>. </para> <para> + On Unix systems, the permissions on the private key file must disallow + any access to world or group; achieve this by a command such as + <command>chmod 0600 ~/.postgresql/postgresql.key</command>. + Alternatively, the file can be owned by root and have group read access + (that is, <literal>0640</literal> permissions). That setup is intended + for installations where certificate and key files are managed by the + operating system. The user of <application>libpq</application> should + then be made a member of the group that has access to those certificate + and key files. (On Microsoft Windows, there is no file permissions + check, since the <filename>%APPDATA%\postgresql</filename> directory is + presumed secure.) + </para> + + <para> The first certificate in <filename>postgresql.crt</filename> must be the client's certificate because it must match the client's private key. <quote>Intermediate</quote> certificates can be optionally appended |