pgcat

Add support for custom server certs

Open chrisjowen opened this issue 1 year ago • 1 comments

Is your feature request related to a problem? Please describe.

I believe (with my non-existent knowledge of Rust) that the server certificates used to validate the TLS handshake between the proxy and the client use the bundled Firefox CA certs only and there's no way to add to these.

Here's where I think this is the case:

https://github.com/postgresml/pgcat/blob/main/src/server.rs#L403

I could be completely wrong, so feel free to correct me if I am.

Describe the solution you'd like

Possibly in the config to have an option to specify additional cert file locations

Describe alternatives you've considered

Can't think of any

Additional context

I hit this problem trying to connect to AWS RDS, which provides a cert not in the keystore.

chrisjowen, Oct 23 '24 10:10

I think you are right and there is no way of adding new certification authorities with current PgCat. Maybe we should provide a way of trusted CAs.

magec, Nov 06 '24 10:11
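
What the "additional cert file" option requested in this thread would have to do first, as an added example that is not pgcat code and not from either commenter: read an operator-supplied PEM bundle and turn it into DER certificates that a TLS root store could accept alongside the bundled roots. It uses only the standard library; the function names and the sample bundle are assumptions made for illustration.

```rust
// Added example, not pgcat code; names are hypothetical, the sample in main() is constructed.
fn b64_decode(s: &str) -> Option<Vec<u8>> {
    let (mut out, mut acc, mut bits) = (Vec::new(), 0u32, 0u8);
    for c in s.trim_end_matches('=').bytes() {
        let v = match c {
            b'A'..=b'Z' => c - b'A',
            b'a'..=b'z' => c - b'a' + 26,
            b'0'..=b'9' => c - b'0' + 52,
            b'+' => 62,
            b'/' => 63,
            _ => return None, // anything outside the base64 alphabet is rejected
        } as u32;
        acc = (acc << 6) | v;
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8);
            acc &= (1 << bits) - 1;
        }
    }
    Some(out)
}

// Split a PEM bundle into DER certificates. Fails closed: a malformed bundle is an
// error, never a silently shorter trust list.
fn extra_ca_ders(pem: &str) -> Result<Vec<Vec<u8>>, String> {
    const BEGIN: &str = "-----BEGIN CERTIFICATE-----";
    const END: &str = "-----END CERTIFICATE-----";
    let (mut ders, mut body) = (Vec::new(), None::<String>);
    for (n, line) in pem.lines().map(str::trim).enumerate() {
        if line == BEGIN && body.is_none() {
            body = Some(String::new());
        } else if line == END {
            let b = body.take().ok_or_else(|| format!("line {}: END without BEGIN", n + 1))?;
            let der = b64_decode(&b).filter(|d| d.first() == Some(&0x30)); // DER SEQUENCE tag
            ders.push(der.ok_or_else(|| format!("line {}: not base64-encoded DER", n + 1))?);
        } else if let Some(b) = body.as_mut() {
            b.push_str(line); // a stray BEGIN lands here and fails base64 decoding at END
        }
    }
    if body.is_some() || ders.is_empty() {
        return Err("unterminated or empty CA bundle".into());
    }
    Ok(ders)
}

fn main() {
    let sample = "-----BEGIN CERTIFICATE-----\nMAMCAQU=\n-----END CERTIFICATE-----\n";
    println!("{:?}", extra_ca_ders(sample)); // constructed blob, not a real certificate
}
```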