PostgreSQL sslpassword

The offical for ZeosLib 7.3 Report problems, ask for help, post proposals for the new version of Zeoslib 7.3/v8
Quick Info:
-We made two new drivers: odbc(raw and unicode version) and oledb
-GUID domain/field-defined support for FB
-extended error infos of Firebird
-performance ups are still in queue
In future some more feature will arrive, so stay tuned and don't hassitate to help
Locked
Scalmax
Fresh Boarder
Fresh Boarder
Posts: 13
Joined: 04.05.2023, 15:16

PostgreSQL sslpassword

Post by Scalmax »

Hello!

I am developing an application with ZeosLib version 7.2.14 stable. Now you may say - it is wrong place to wrote the message, but i think it also belongs here. I am using libpq 15 with libssl 3.08 manually compiled under 32-bit visual studio with -MT option. My connection includes ed448 private/public keys & certificates signed by external CA. Pkey is stored in pkcs#8 format using scrypt, aes256 and other stuff with a _passphrase_.

Now normally there is psql parameter `sslpassword` with can be used to supply passphrase. As I searched throught source code I found method TZPostgreSQLConnection.BuildConnectStr, where there is no such parameter. As I looked over current master branch (https://github.com/frones/ZeosLib/blob/ ... l.pas#L764) there is no such parameter either.

1. Is this parameter emulated in some other way that I simply overlooked in newest version of Zeos?
2. If No, it there a plan to add it there?
3. There are many more parameters described in https://www.postgresql.org/docs/current ... nnect.html. Does Developers plan to add some of them (maybe a subset that makes a sense)?
4. As I stumbled over this https://severalnines.com/blog/overview- ... arameters/ do you plan to provide an interface to PQsetSSLKeyPassHook_OpenSSL?

As this is my first and rather lenghty post here, please forgive if i did not fully adhere to forum rules/guidelines. Kind regards.
marsupilami
Platinum Boarder
Platinum Boarder
Posts: 1967
Joined: 17.01.2011, 14:17

Re: PostgreSQL sslpassword

Post by marsupilami »

Hello :)

I am sorry for my late response.
Scalmax wrote: 04.05.2023, 15:37 Now normally there is psql parameter `sslpassword` with can be used to supply passphrase.
We currently don't have that parameter but it should be simple to add.
Scalmax wrote: 04.05.2023, 15:37 As I looked over current master branch (https://github.com/frones/ZeosLib/blob/master/src/dbc/ZDbcPostgreSql.pas#L764)
This isn't an offical repo. The more or less official repos are at https://github.com/marsupilami79/zeoslib.
1. Is this parameter emulated in some other way that I simply overlooked in newest version of Zeos?[/quote]
This parameter isn't emulated in any other way.
2. If No, it there a plan to add it there?
Yes - I planned this right now ;) Should be done durung the next days.
3. There are many more parameters described in https://www.postgresql.org/docs/current/libpq-connect.html. Does Developers plan to add some of them (maybe a subset that makes a sense)?
The problem here is that this really is a lot of work. So we add parameters on a per request basis. Also there is no definitive set of parameters to add since extensions to PostgreSQL may add new parameters.
There is an idea of building a kinda wildcard mechanism for using PostgreSQL parameters. But I didn't implement tthat yet.
4. As I stumbled over this https://severalnines.com/blog/overview-postgresql-13-libpq-sslpassword-connection-parameters/ do you plan to provide an interface to PQsetSSLKeyPassHook_OpenSSL?
Most probably we will not add this. Currently I am unsure how this would integrate with the current structure of Zeos. Maybe it could be added as a special extension on the DBC layer.

Best regards,

Jan
Scalmax
Fresh Boarder
Fresh Boarder
Posts: 13
Joined: 04.05.2023, 15:16

Re: PostgreSQL sslpassword

Post by Scalmax »

Hello,

Thank you for answer. I planned to add those parameters myself ealier with pull request, but i did not know if you really want to have them inside zeos. I dug thu some code to find place where i think they should be added. Then I looked over subforum, where users add adhoc fixes, but lack of time and other things made me forget about this.

It's time to set account on github and start pushing...
marsupilami
Platinum Boarder
Platinum Boarder
Posts: 1967
Joined: 17.01.2011, 14:17

Re: PostgreSQL sslpassword

Post by marsupilami »

Hello :)
Scalmax wrote: 25.05.2023, 19:56 I planned to add those parameters myself ealier with pull request, but i did not know if you really want to have them inside zeos.
We like contributions :)
Scalmax wrote: 25.05.2023, 19:56I dug thu some code to find place where i think they should be added. Then I looked over subforum, where users add adhoc fixes, but lack of time and other things made me forget about this.
I assume this happens in ZdbcPostgresql.pas. There should be a place where we check the parameters for certificate file locations. That should be the best place to also add the password option.
Scalmax wrote: 25.05.2023, 19:56It's time to set account on github and start pushing...
I will be happy to apply patches. Please keep in mind that the copy on Github is only a mirror. If you issue a pull request, I will apply the patch to our Subversion repository and from there it will be sent to Github.

Best regards,

Jan
Scalmax
Fresh Boarder
Fresh Boarder
Posts: 13
Joined: 04.05.2023, 15:16

Re: PostgreSQL sslpassword

Post by Scalmax »

I created patch using diff. File is in the attachment. Source code is taken from:
https://sourceforge.net/p/zeoslib/code- ... 0-patches/
You do not have the required permissions to view the files attached to this post.
marsupilami
Platinum Boarder
Platinum Boarder
Posts: 1967
Joined: 17.01.2011, 14:17

Re: PostgreSQL sslpassword

Post by marsupilami »

I applied your patches, so I think, this is redundant?
Scalmax
Fresh Boarder
Fresh Boarder
Posts: 13
Joined: 04.05.2023, 15:16

Re: PostgreSQL sslpassword

Post by Scalmax »

Yes, it it redundant.
Note for future readers: Due to merged pull requests, this thread is ready for being locked and archived in my opinion.
marsupilami
Platinum Boarder
Platinum Boarder
Posts: 1967
Joined: 17.01.2011, 14:17

Re: PostgreSQL sslpassword

Post by marsupilami »

Locked ;)
Locked