movine icon indicating copy to clipboard operation
movine copied to clipboard

Published 20 hours ago verified publisher icon byronwasti

TLS certificate options

Open couchand opened this issue 1 year ago • 2 comments

I've only just discovered this tool but it looks really neat!

One system I'm working with uses client certs for PG authentication, so I was excited to see your README point out that the software supports the PGSSLCERT environment variable. Diving into the implementation, it looks like it uses that file for the root CA cert, rather than the client cert. So, I'd suggest two changes:

  • The root CA cert file should rather be specified with the PGSSLROOTCERT environment variable, and
  • Add support for client certificates & keys in files specified by PGSSLCERT and PGSSLKEY.

The first one should be a pretty quick change but the latter one is perhaps a bit more effort. I'd be happy to work up a PR if you'd be open to adding this support?

couchand avatar Mar 20 '23 20:03 couchand

Thanks for the interest! I haven't really had time to work on this, and likely won't dedicate too much time to it. The library/binary is a bit rough around the edges as a fair warning. I will take a look at your PRs, thanks for making them

byronwasti avatar Mar 27 '23 21:03 byronwasti

Hey sorry for the super late response, I'm likely not going to have time to dedicate to this project for the foreseeable future. I'll merge the PRs and clean up the CI stuff at this point though

byronwasti avatar May 06 '23 18:05 byronwasti