Autore: Jasen Betts Data: To: exim-users Oggetto: Re: [exim] Encrypted SSL connection to remote PostgreSQL cluster
On 2021-09-10, Jeremy Harris via Exim-users <exim-users@???> wrote: > On 10/09/2021 09:13, Jeremy Harris via Exim-users wrote:
>> On 10/09/2021 01:31, Patrick via Exim-users wrote:
>>> Before I spend too much time trying to figure this out, is it possible to configure my PostgreSQL connection to use passwordless certificate based authentication?
>>
>> Nope. We're using what seems to be an older API for the client-connection
>> which does not support SSL. A wishlist-level bug would be appropriate.
>
> Actually, reading the Postgres docs further, there's a faint hope.
> Try something like:
>
> pgsql_servers = "host=192.168.45.16 sslcert=client.crt sslkey=client.key sslmode=verify-ca sslrootcert=root.crt/exim/thepguser/"
>
> (We're still using the older API, but it appears to have a forward-compat
> feature. This might be pgsql-library version dependent; I'm looking
> at the 8.3 docs)
As I unserstand it the old libpq connect call naively massages its
parameters to match the new connection string interface, so it's
preactical to inject connection parameters using the database-name
field