Add support for custom server certs #838

Open
chrisjowen opened this issue Oct 23, 2024 · 1 comment

Comments

@chrisjowen

Is your feature request related to a problem? Please describe.

I believe (with my non-existent knowledge of Rust) that the server certificates used to validate the TLS handshake between the proxy and the client use the bundled Firefox CA certs only and there's no way to add to these.

Here's where I think this is the case:

https://github.com/postgresml/pgcat/blob/main/src/server.rs#L403

I could be completely wrong, so feel free to correct me if I am.

Describe the solution you'd like
Possibly in the config to have an option to specify additional cert file locations

Describe alternatives you've considered
Can't think of any

Additional context

I hit this problem trying to connect to AWS RDS which provides a cert not in the keystore

@magec
Collaborator

magec commented Nov 6, 2024

I think you are right and there is no way of adding new certification authorities with current PgCat. Maybe we should provide a way of trusted CAs.
