Postmodern uses cl+ssl and I do not see cl+ssl using a root ca. Maybe I am missing something in that library?
On Mon, Mar 21, 2022 at 9:37 PM Tim Hawes <trha...@gmail.com> wrote:

> Sorry Sabra, I didn't intend to reply to you directly.
>
> ---------- Forwarded message ---------
> From: Tim Hawes <trha...@gmail.com>
> Date: Mon, Mar 21, 2022 at 9:35 PM
> Subject: Re: How to connect cl+ssl with host ca verification?
> To: Sabra Crolleton <sabra.crolle...@gmail.com>
>
>
> That works, but it looks like the root ca has to be added to the system.
> If using psql I could specify where all the certs I want to use to connect
> with like so:
>
> $>psql "port=5432 host=localhost user=postgres sslcert=./test/client.crt sslkey=./test/client.key sslrootcert=./test/server.crt sslmode=verify-full"
>
> Is there an equivalent in Postmodern?
>
> On Mon, Mar 21, 2022 at 8:36 PM Sabra Crolleton <sabra.crolle...@gmail.com>
> wrote:
>
>> The cl-postgres (open-database ...) function has :use-ssl as a key
>> parameter where the parameter values:
>>
>> - :try means if the server supports it
>> - :require means use provided ssl certificate with no verification
>> - :yes means verify that the server cert is issued by a trusted CA,
>>   but does not verify the server hostname
>> - :full means expect a CA-signed cert for the supplied hostname and
>>   verify the server hostname
>>
>> This is mirrored in the postmodern (connect ...) function.
>>
>> If I understand your question correctly, you want to use :full as the
>> parameter passed to :use-ssl. E.g.
>>
>>> (connect "test_db" "test-user" "test-password" "192.168.5.223"
>>> :port 5434 :pooled-p t :use-ssl :full)
>>>
>>> But maybe I am not understanding your question correctly.
>>
>> Sabra
>>
>> On Mon, Mar 21, 2022 at 7:50 PM Tim Hawes <trha...@gmail.com> wrote:
>>
>>> I am not finding any helpful information in how to connect to PostgreSQL
>>> using client key/client cert and a root ca for verifying the host with
>>> Postmodern. Can someone send me an example?