pgjdbc/pgjdbc GitHub issues and pull requests (mirror)  
From: harinath001 (@harinath001) <[email protected]>
To: pgjdbc/pgjdbc <[email protected]>
Subject: Re: [pgjdbc/pgjdbc] PR #3700: Add PEMKeyManager to handle PEM based certs and keys.
Date: Mon, 10 Nov 2025 19:36:01 +0000
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
	<[email protected]>

(on pgjdbc/src/main/java/org/postgresql/ssl/PEMKeyManager.java)

@davecramer 
I see that the file permissions of the existing key files committed in the repo don't have the correct permissions.
```
-rw-r--r--@ 1 harinath  staff  1570 Nov 10 11:24 badclient.crt
-rw-r--r--@ 1 harinath  staff  1704 Nov 10 11:24 badclient.key
-rw-r--r--@ 1 harinath  staff  2940 Nov 10 11:24 badclient.p12
-rw-r--r--@ 1 harinath  staff  1956 Nov 10 11:24 badroot.crt
-rw-r--r--@ 1 harinath  staff  3446 Nov 10 11:24 badroot.key
-rw-r--r--@ 1 harinath  staff    41 Nov 10 11:24 badroot.srl
-rw-r--r--@ 1 harinath  staff  1570 Nov 10 11:24 goodclient.crt
-rw-r--r--@ 1 harinath  staff  1704 Nov 10 11:24 goodclient.key
-rw-r--r--@ 1 harinath  staff  2940 Nov 10 11:24 goodclient.p12
-rw-r--r--@ 1 harinath  staff  1956 Nov 10 11:24 goodroot.crt
-rw-r--r--@ 1 harinath  staff  2932 Nov 10 11:31 Makefile
-rw-r--r--@ 1 harinath  staff  1353 Nov 10 11:24 README.md
drwxr-xr-x@ 8 harinath  staff   256 Nov 10 11:24 server
```

We can update the `Makefile` to ensure `goodclient.key` has owner-read-only permissions. But I am wondering what's the way to change the permissions of the existing files.

It seems one of the test cases is failing due to the new check to verify the file permissions we added.

```
at platform/[email protected]/java.sql.DriverManager.getConnection(DriverManager.java:191)
      at app//org.postgresql.test.TestUtil.openDB(TestUtil.java:358)
      at app//org.postgresql.test.ssl.PEMKeyManagerTest.TestGoodClientPEM(PEMKeyManagerTest.java:60)
      Caused by: org.postgresql.util.PSQLException: Private key file "/home/runner/work/pgjdbc/pgjdbc/pgjdbc/../certdir/goodclient.key" has insecure permissions. Permissions for group and other must be revoked. Current permissions: rw-r--r--
```

Can we update the file permissions of these files to fix the failure?
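
An added example, not code from the PR or from pgjdbc: a check of the kind the error message above describes, plus the owner-only tightening a test setup could apply after checkout (Git stores only a file's executable bit, so `rw-------` cannot be committed). The class and method names are hypothetical, and a POSIX file system is assumed.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Collections;
import java.util.EnumSet;
import java.util.Set;

// Hypothetical demo class; not pgjdbc's PEMKeyManager.
public class KeyFilePermissionDemo {
  // Every group and other bit; all of them must be clear on a private key file.
  private static final Set<PosixFilePermission> GROUP_OR_OTHER =
      EnumSet.range(PosixFilePermission.GROUP_READ, PosixFilePermission.OTHERS_EXECUTE);

  // Throws if the key file is accessible to anyone but its owner.
  static void requireOwnerOnly(Path key) throws IOException {
    Set<PosixFilePermission> perms;
    try {
      perms = Files.getPosixFilePermissions(key);
    } catch (UnsupportedOperationException e) {
      return; // Non-POSIX file system (e.g. Windows): mode bits do not apply.
    }
    if (!Collections.disjoint(perms, GROUP_OR_OTHER)) {
      throw new IOException("Private key file \"" + key + "\" has insecure permissions: "
          + PosixFilePermissions.toString(perms));
    }
  }

  // Test-setup remediation: restrict the key to owner read/write (chmod 600).
  static void tighten(Path key) throws IOException {
    Files.setPosixFilePermissions(key, PosixFilePermissions.fromString("rw-------"));
  }

  public static void main(String[] args) throws IOException {
    // Constructed sample: a temp file standing in for a freshly checked-out key.
    Path key = Files.createTempFile("goodclient", ".key");
    Files.setPosixFilePermissions(key, PosixFilePermissions.fromString("rw-r--r--"));
    try {
      requireOwnerOnly(key);
    } catch (IOException e) {
      System.out.println("rejected: " + e.getMessage());
    }
    tighten(key);
    requireOwnerOnly(key); // no exception once group and other bits are cleared
    System.out.println("accepted: " + PosixFilePermissions.toString(Files.getPosixFilePermissions(key)));
    Files.delete(key);
  }
}
```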
