Skip to content

GitLab

Explore

Sign in
Register

Primary navigation

Project

P

picodata
- Activity
- Members
- Labels
- Container Registry
- Model registry

Snippets Groups Projects

!1251

feat: implement mTLS for Pgproto

Review changes
Download
Patches
Plain diff

Merged feat: implement mTLS for Pgproto

kuzmin/pgproto-mtls into master

Overview 27
Commits 3
Pipelines 21
Changes 8

Merged Roman Kuzmin requested to merge kuzmin/pgproto-mtls into master 7 months ago

Overview 27
Commits 3
Pipelines 21
Changes 8

Для активации mTLS:

Значение параметра конфигурации instance.pg.ssl = true
В data-директорию инстанса, в дополнение к server.crt и server.key, положить ca.crt в формате PEM.

В результате сервер будет принимать подключения только от тех клиентов, кто предоставил сертификат и чей сертификат был подписан ca.crt или его производными.

Если ca.crt отсутствует в data-директории, то проверка peer-сертификатов не выполняется.

Close #878 (closed)
Cherry-pick to: none
Docs follow-up: docs#339 (closed)

Edited 7 months ago by Yaroslav Dynnikov

Merge request reports

Activity

Filter activity

Approvals
Assignees & reviewers
Comments (from bots)
Comments (from users)
Commits & branches
Edits
Labels
Lock status
Mentions
Merge request status
Tracking

Please register or sign in to reply

Assignee

Select assignees

0 Reviewers

None

Request review from

Loading

Labels

0

None

0

None

Select labels

Manage project labels

Milestone

None

None

None

Time tracking

No estimate or time spent

0

0 Participants

Loading