On Wed, 6 Dec 2023 at 04:28, <[email protected]> wrote:
>
> Hi Chris,
>
> the SSL module supports passing client certificates, and the Sql.pgsql
> module uses SSL.File, however it doesn't directly provide any hooks for
> configuring the client certs. I think it would be easy to add, basically
> you just need a way to pass a properly configured SSL.Context object to
> the SSL.File object in (I think the relevant place is in
> Sql.pgsql_util.pmod). Once that's done, the handshake process should see
> the client certs and then pass them when requested by the server.

That sounds pretty doable. The options mapping would be the place for it. I propose adding a third SSL-related option:

use_ssl - use SSL if available, else unencrypted
force_ssl - use SSL or fail if not supported
ssl_context - if SSL is enabled by either of the above options, use this SSL.Context

Sound good? I'll try to put together an implementation, although I'm not sure there's a viable way to add tests for it.

ChrisA
