
feat: implement mTLS for Pgproto

Merged Roman Kuzmin requested to merge kuzmin/pgproto-mtls into master

To enable mTLS:

  1. Set the configuration parameter instance.pg.ssl = true
  2. In the instance's data directory, in addition to server.crt and server.key, place ca.crt in PEM format.

As a result, the server will accept connections only from clients that presented a certificate and whose certificate was signed by ca.crt or its derivatives.

If ca.crt is absent from the data directory, peer certificates are not verified.


Edited by Yaroslav Dynnikov
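
Because a missing ca.crt silently leaves client certificates unchecked, a deployment preflight can classify the data directory before the instance starts. This is an added example, not code from the merge request or the project; the function names and status strings are hypothetical, and it only inspects the files named in the description.

```python
import ssl
import tempfile
from pathlib import Path


def audit_pg_tls(data_dir, pg_ssl):
    """Classify what the instance's TLS files imply for client authentication.

    pg_ssl is the value of instance.pg.ssl; data_dir is the instance data directory.
    """
    d = Path(data_dir)
    if not pg_ssl:
        return "ssl-off"
    # server.crt and server.key are only checked for presence, not parsed.
    if not all((d / name).is_file() for name in ("server.crt", "server.key")):
        return "server-files-missing"
    ca = d / "ca.crt"
    if not ca.is_file():
        # Per the description: without ca.crt, peer certificates are not verified.
        return "tls-no-client-verification"
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.load_verify_locations(cafile=str(ca))  # parses the PEM bundle
    except OSError:  # ssl.SSLError is a subclass of OSError
        # How the server reacts to an unparseable ca.crt is not stated on the
        # page; the preflight treats it as a failure.
        return "ca-unreadable"
    if ctx.cert_store_stats()["x509"] == 0:
        return "ca-unreadable"
    return "mtls"


def enforces_client_certs(status):
    """Fail closed: only the 'mtls' status counts as client-authenticated."""
    return status == "mtls"


if __name__ == "__main__":
    # Constructed sample directory: placeholder files, no real key material.
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "server.crt").write_text("constructed placeholder\n")
        (d / "server.key").write_text("constructed placeholder\n")
        status = audit_pg_tls(d, pg_ssl=True)
        print(status, "-> client certs enforced:", enforces_client_certs(status))
```

Run it in the deployment pipeline and block the rollout unless `enforces_client_certs` returns true for every instance that is expected to require client certificates.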

Activity

  • Roman Kuzmin added 5 commits

    • 32507088 - fix: expose cancel token's constructor and handle
    • a6796932 - fix: python linter warnings
    • cb0a8ed7 - fix: pgroto/ssl_test.py (succeeds locally, but fails in pipeline)
    • f8b4544b - fix pipeline tests, next try
    • 36f2a550 - update changelog

  • Roman Kuzmin added 1 commit

    • 4ebf0dc7 - feat: update prerequisites for ubuntu 22.04

  • Roman Kuzmin added 7 commits

  • Roman Kuzmin added 6 commits

  • added 1 commit

    • 51222d04 - chore(tests): change pgproto server host to 127.0.0.1
