git.ipfire.org Git - thirdparty/postgresql.git/commit

author	Tom Lane <tgl@sss.pgh.pa.us>
	Wed, 2 Mar 2022 16:57:02 +0000 (11:57 -0500)
committer	Tom Lane <tgl@sss.pgh.pa.us>
	Wed, 2 Mar 2022 16:57:02 +0000 (11:57 -0500)
commit	6599d8f1264299ee595f2eaf4dc6a9aa2d7940d2
tree	09287515dc968e0a8ffa19f3e31ba29ae7b217c5	tree
parent	9b2d762a283dc65b2168c3555302e7a23bc377e1	commit \| diff

Allow root-owned SSL private keys in libpq, not only the backend.

This change makes libpq apply the same private-key-file ownership
and permissions checks that we have used in the backend since commit
9a83564c5. Namely, that the private key can be owned by either the
current user or root (with different file permissions allowed in the
two cases). This allows system-wide management of key files, which
is just as sensible on the client side as the server, particularly
when the client is itself some application daemon.

Sync the comments about this between libpq and the backend, too.

Back-patch of a59c79564 and 50f03473e into all supported branches.

David Steele

Discussion: https://postgr.es/m/f4b7bc55-97ac-9e69-7398-335e212f7743@pgmasters.net

doc/src/sgml/libpq.sgml		diff \| blob \| blame \| history
src/backend/libpq/be-secure-common.c		diff \| blob \| blame \| history
src/interfaces/libpq/fe-secure-openssl.c		diff \| blob \| blame \| history