Message-ID:
From: "harinath001 (@harinath001)"
To: "pgjdbc/pgjdbc"
Date: Mon, 10 Nov 2025 19:36:01 +0000
Subject: Re: [pgjdbc/pgjdbc] PR #3700: Add PEMKeyManager to handle PEM based certs and keys.
In-Reply-To:
References:
List-Id:
X-GitHub-Author-Login: harinath001
X-GitHub-Comment-Id: 2511734641
X-GitHub-Comment-Type: review_comment
X-GitHub-Commit: 4c48827d92842b518dc418788cea5b0a71c477ba
X-GitHub-Issue: 3700
X-GitHub-Path: pgjdbc/src/main/java/org/postgresql/ssl/PEMKeyManager.java
X-GitHub-Repo: pgjdbc/pgjdbc
X-GitHub-Type: review_comment
X-GitHub-Url: https://github.com/pgjdbc/pgjdbc/pull/3700#discussion_r2511734641
Content-Type: text/plain; charset=utf-8

(on pgjdbc/src/main/java/org/postgresql/ssl/PEMKeyManager.java)

@davecramer I see that the file permissions of the existing key files committed in the repo don't have the correct permissions.

```
-rw-r--r--@ 1 harinath staff 1570 Nov 10 11:24 badclient.crt
-rw-r--r--@ 1 harinath staff 1704 Nov 10 11:24 badclient.key
-rw-r--r--@ 1 harinath staff 2940 Nov 10 11:24 badclient.p12
-rw-r--r--@ 1 harinath staff 1956 Nov 10 11:24 badroot.crt
-rw-r--r--@ 1 harinath staff 3446 Nov 10 11:24 badroot.key
-rw-r--r--@ 1 harinath staff   41 Nov 10 11:24 badroot.srl
-rw-r--r--@ 1 harinath staff 1570 Nov 10 11:24 goodclient.crt
-rw-r--r--@ 1 harinath staff 1704 Nov 10 11:24 goodclient.key
-rw-r--r--@ 1 harinath staff 2940 Nov 10 11:24 goodclient.p12
-rw-r--r--@ 1 harinath staff 1956 Nov 10 11:24 goodroot.crt
-rw-r--r--@ 1 harinath staff 2932 Nov 10 11:31 Makefile
-rw-r--r--@ 1 harinath staff 1353 Nov 10 11:24 README.md
drwxr-xr-x@ 8 harinath staff  256 Nov 10 11:24 server
```

We can update the `Makefile` to ensure `goodclient.key` has owner-read-only permissions. But I am wondering what's the way to change the permissions of the existing files. It seems one of the test cases is failing due to the new check to verify the file permissions we added.

```
    at platform/java.sql@21.0.9/java.sql.DriverManager.getConnection(DriverManager.java:191)
    at app//org.postgresql.test.TestUtil.openDB(TestUtil.java:358)
    at app//org.postgresql.test.ssl.PEMKeyManagerTest.TestGoodClientPEM(PEMKeyManagerTest.java:60)
Caused by: org.postgresql.util.PSQLException: Private key file "/home/runner/work/pgjdbc/pgjdbc/pgjdbc/../certdir/goodclient.key" has insecure permissions. Permissions for group and other must be revoked. Current permissions: rw-r--r--
```

Can we update the file permissions of these files to fix the failure?
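
The rule quoted in the exception above (no permission bits for group or other on a private key file), applied to a directory of `*.key` files, as an added example that is not part of the PR or the pgjdbc build. The function names `key_mode`, `key_is_private` and `harden_keys` and the sample directory are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not pgjdbc code: function names and the sample directory
# are assumptions for illustration.

# Print the nine permission characters of a path, e.g. "rw-r--r--".
key_mode() {
  ls -ld "$1" | cut -c2-10
}

# Succeed only when group and other hold no permission bits.
key_is_private() {
  [ "$(key_mode "$1" | cut -c4-9)" = "------" ]
}

# Restrict every *.key file in a directory to owner read/write (0600).
# Git records only the executable bit of a file mode, so 0600 cannot be
# committed; this has to run after checkout (Makefile target, test setup).
# Prints how many files were changed.
harden_keys() {
  changed=0
  for f in "$1"/*.key; do
    [ -f "$f" ] || continue
    if ! key_is_private "$f"; then
      echo "fixing $f (was $(key_mode "$f"))" >&2
      chmod 600 "$f"
      changed=$((changed + 1))
    fi
  done
  echo "$changed"
}

# Constructed sample directory mimicking the listing in the comment.
demo_dir=$(mktemp -d)
: > "$demo_dir/goodclient.key"; chmod 644 "$demo_dir/goodclient.key"
: > "$demo_dir/badclient.key";  chmod 600 "$demo_dir/badclient.key"
: > "$demo_dir/goodclient.crt"; chmod 644 "$demo_dir/goodclient.crt"
echo "changed: $(harden_keys "$demo_dir")"
rm -rf "$demo_dir"
```

Certificates (`*.crt`) are left untouched because only the private key has to be unreadable to group and other.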