Re: Patch for supporting PEM based certs and keys

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Dave Cramer <[email protected]>
To: harinath kanchu <[email protected]>
Cc: [email protected]
Subject: Re: Patch for supporting PEM based certs and keys
Date: Tue, 1 Jul 2025 14:49:37 -0400
Message-ID: <CADK3HHL0iyWCCpq2R6N1-JGyjczjtJmk9krFU=5gtTfT8GEaMA@mail.gmail.com> (raw)
In-Reply-To: <CAO7WNRRhJst=iT2C6kBjg+bYsQTBvN5ksXrNS5m+vkYGa+wGGw@mail.gmail.com>
References: <CAO7WNRRhJst=iT2C6kBjg+bYsQTBvN5ksXrNS5m+vkYGa+wGGw@mail.gmail.com>

As you have surmised, we do not accept patches in this form.

Dave Cramer
www.postgres.rocks


On Fri, 27 Jun 2025 at 13:14, harinath kanchu <[email protected]>
wrote:

> Hello Pgjdbc community,
>
> I found that PGJDBC currently lacks support for PEM based certs and keys.
>
> We have a use case where PEM files are auto renewed on disk and
> converting them to DER format requires running something that watches
> files on disk and auto-converts to DER.
>
> Hence I would like to propose a patch for supporting PEM based certs, keys.
>
> This is the approach for adding the support,
>
> - Introduce a new PEMKeyManager which implements X509KeyManager.
> - PEMKeyManager will have the logic for extracting the BASE64 encoded
> DER bytes to convert into private key using key algorithm specified by
> property PGProperty.PEM_KEY_ALGORITHM.
> - PEMKeyManager will read the PEM based cert chain using
> CertificateFactory to get the X509Certificate chain.
> - Now LibPQFactory can initialize PEMKeyManager if the SSL Keyfile
> ends with .key or .pem
>
> I am attaching a patch file which also contains new test cases for PEM
> based certs, keys. Please take a look.
>
> Thanks.
>
> Regards,
> Harinath
>

view thread (3+ messages)

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected], [email protected]
  Subject: Re: Patch for supporting PEM based certs and keys
  In-Reply-To: <CADK3HHL0iyWCCpq2R6N1-JGyjczjtJmk9krFU=5gtTfT8GEaMA@mail.gmail.com>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox