Sorry Sabra, I didn't intend to reply to you directly.
---------- Forwarded message ---------
From: Tim Hawes <trhawes(a)gmail.com>
Date: Mon, Mar 21, 2022 at 9:35 PM
Subject: Re: How to connect cl+ssl with host ca verification?
To: Sabra Crolleton <sabra.crolleton(a)gmail.com>
That works, but it looks like the root ca has to be added to the system. If
using psql I could specify where all the certs I want to use to connect
with like so:
$>psql "port=5432 host=localhost user=postgres sslcert=./test/client.crt
sslkey=./test/client.key sslrootcert=./test/server.crt sslmode=verify-full"
Is there an equivalent in Postmodern?
On Mon, Mar 21, 2022 at 8:36 PM Sabra Crolleton <sabra.crolleton(a)gmail.com>
wrote:
> The cl-postgres (open-database ...) function has :use-ssl as a key
> parameter where the parameter values:
>
> - :try means if the server supports it
> - :require means use provided ssl certificate with no verification
> - :yes means verify that the server cert is issued by a trusted CA,
> but does not verify the server hostname
> - :full means expect a CA-signed cert for the supplied hostname and
> verify the server hostname
>
> This is mirrored in the postmodern (connect ...) function.
>
> If I understand your question correctly, you want to use :full as the
> parameter passed to :use-ssl. E.g.
>
>> (connect "test_db" "test-user" "test-password" "192.168.5.223"
>> :port 5434 :pooled-p t :use-ssl :full)
>>
>> But maybe I am not understanding your question correctly.
>
> Sabra
>
> On Mon, Mar 21, 2022 at 7:50 PM Tim Hawes <trhawes(a)gmail.com> wrote:
>
>> I am not finding any helpful information in how to connect to PostgreSQL
>> using client key/client cert and a root ca for verifying the host with
>> Postmodern. Can someone send me an example?
>>
>
