Page 1 of 1

PostgreSQL sslpassword

Posted: 04.05.2023, 15:37
by Scalmax
Hello!

I am developing an application with ZeosLib version 7.2.14 stable. Now you may say - it is wrong place to wrote the message, but i think it also belongs here. I am using libpq 15 with libssl 3.08 manually compiled under 32-bit visual studio with -MT option. My connection includes ed448 private/public keys & certificates signed by external CA. Pkey is stored in pkcs#8 format using scrypt, aes256 and other stuff with a _passphrase_.

Now normally there is psql parameter `sslpassword` with can be used to supply passphrase. As I searched throught source code I found method TZPostgreSQLConnection.BuildConnectStr, where there is no such parameter. As I looked over current master branch (https://github.com/frones/ZeosLib/blob/ ... l.pas#L764) there is no such parameter either.

1. Is this parameter emulated in some other way that I simply overlooked in newest version of Zeos?
2. If No, it there a plan to add it there?
3. There are many more parameters described in https://www.postgresql.org/docs/current ... nnect.html. Does Developers plan to add some of them (maybe a subset that makes a sense)?
4. As I stumbled over this https://severalnines.com/blog/overview- ... arameters/ do you plan to provide an interface to PQsetSSLKeyPassHook_OpenSSL?

As this is my first and rather lenghty post here, please forgive if i did not fully adhere to forum rules/guidelines. Kind regards.

Re: PostgreSQL sslpassword

Posted: 24.05.2023, 09:32
by marsupilami
Hello :)

I am sorry for my late response.
Scalmax wrote: 04.05.2023, 15:37 Now normally there is psql parameter `sslpassword` with can be used to supply passphrase.
We currently don't have that parameter but it should be simple to add.
Scalmax wrote: 04.05.2023, 15:37 As I looked over current master branch (https://github.com/frones/ZeosLib/blob/master/src/dbc/ZDbcPostgreSql.pas#L764)
This isn't an offical repo. The more or less official repos are at https://github.com/marsupilami79/zeoslib.
1. Is this parameter emulated in some other way that I simply overlooked in newest version of Zeos?[/quote]
This parameter isn't emulated in any other way.
2. If No, it there a plan to add it there?
Yes - I planned this right now ;) Should be done durung the next days.
3. There are many more parameters described in https://www.postgresql.org/docs/current/libpq-connect.html. Does Developers plan to add some of them (maybe a subset that makes a sense)?
The problem here is that this really is a lot of work. So we add parameters on a per request basis. Also there is no definitive set of parameters to add since extensions to PostgreSQL may add new parameters.
There is an idea of building a kinda wildcard mechanism for using PostgreSQL parameters. But I didn't implement tthat yet.
4. As I stumbled over this https://severalnines.com/blog/overview-postgresql-13-libpq-sslpassword-connection-parameters/ do you plan to provide an interface to PQsetSSLKeyPassHook_OpenSSL?
Most probably we will not add this. Currently I am unsure how this would integrate with the current structure of Zeos. Maybe it could be added as a special extension on the DBC layer.

Best regards,

Jan

Re: PostgreSQL sslpassword

Posted: 25.05.2023, 19:56
by Scalmax
Hello,

Thank you for answer. I planned to add those parameters myself ealier with pull request, but i did not know if you really want to have them inside zeos. I dug thu some code to find place where i think they should be added. Then I looked over subforum, where users add adhoc fixes, but lack of time and other things made me forget about this.

It's time to set account on github and start pushing...

Re: PostgreSQL sslpassword

Posted: 26.05.2023, 09:39
by marsupilami
Hello :)
Scalmax wrote: 25.05.2023, 19:56 I planned to add those parameters myself ealier with pull request, but i did not know if you really want to have them inside zeos.
We like contributions :)
Scalmax wrote: 25.05.2023, 19:56I dug thu some code to find place where i think they should be added. Then I looked over subforum, where users add adhoc fixes, but lack of time and other things made me forget about this.
I assume this happens in ZdbcPostgresql.pas. There should be a place where we check the parameters for certificate file locations. That should be the best place to also add the password option.
Scalmax wrote: 25.05.2023, 19:56It's time to set account on github and start pushing...
I will be happy to apply patches. Please keep in mind that the copy on Github is only a mirror. If you issue a pull request, I will apply the patch to our Subversion repository and from there it will be sent to Github.

Best regards,

Jan

Re: PostgreSQL sslpassword

Posted: 07.07.2023, 19:04
by Scalmax
I created patch using diff. File is in the attachment. Source code is taken from:
https://sourceforge.net/p/zeoslib/code- ... 0-patches/

Re: PostgreSQL sslpassword

Posted: 16.07.2023, 12:37
by marsupilami
I applied your patches, so I think, this is redundant?

Re: PostgreSQL sslpassword

Posted: 25.07.2023, 14:27
by Scalmax
Yes, it it redundant.
Note for future readers: Due to merged pull requests, this thread is ready for being locked and archived in my opinion.

Re: PostgreSQL sslpassword

Posted: 25.07.2023, 16:06
by marsupilami
Locked ;)