jackc / pgx

PostgreSQL driver and toolkit for Go
MIT License

Support inline SSL certificates #956

Open amenzhinsky opened 3 years ago

amenzhinsky commented 3 years ago

pq just added this feature https://github.com/lib/pq/pull/818/files and it would be really nice to have this here because in the containers world certs are usually passed to apps as environment variables.

Now we have to manually compose TLS config:

import (
    "crypto/tls"
    "crypto/x509"
    "errors"

    "github.com/jackc/pgx/v4/pgxpool" // v5: github.com/jackc/pgx/v5/pgxpool
)

// cert, key and ca are PEM bytes, e.g. read from environment variables.
func setInlineTLS(poolConfig *pgxpool.Config, serverName string, cert, key, ca []byte) error {
    pair, err := tls.X509KeyPair(cert, key)
    if err != nil {
        return err
    }
    config := &tls.Config{
        ServerName:   serverName,
        Certificates: []tls.Certificate{pair},
        RootCAs:      x509.NewCertPool(),
    }
    // AppendCertsFromPEM returns false when no usable certificate was found.
    if !config.RootCAs.AppendCertsFromPEM(ca) {
        return errors.New("cannot append root CA certificates")
    }
    poolConfig.ConnConfig.TLSConfig = config
    return nil
}

jackc commented 3 years ago

I try to stick as closely as possible to how the standard PostgreSQL client library handles environment variables. I'd like to know if this feature is or will be there and then match their behavior.

fairclothjm commented 3 months ago

@jackc Hello, I see this was closed as not planned. However, would you consider accepting a PR contribution to support inline SSL certificates? We have a need for this feature since Vault is now using pgx.

From the docs, it looks like this would not match the libpq behavior, but it would be opt-in if sslinline=true. Would you consider it in that case? Thanks!

fairclothjm commented 3 months ago

cc @bfontaine

Shailee commented 2 months ago

@jackc @bfontaine wanted to do a follow up on the previous request from @fairclothjm if you would be able to accept a PR for this? We have a customer that is blocked on Vault's usage because of this behavior, and it would be helpful if we can have this addressed.

bfontaine commented 2 months ago

Hi @Shailee I joined the project in 2022 only to help with support; I’m not a maintainer. I actually quit the project a couple weeks ago because I wasn’t active anymore.

Shailee commented 2 months ago

Thanks @bfontaine for your response.

@jackc Pinging again to see if accepting a PR on this will be something you are open to?

Since we adopted this library for HashiCorp Vault, customers have been keen to get this feature that was part of the previous library as they heavily relied on it, and it would be very helpful.

jackc commented 1 month ago

My opinion is still:

I try to stick as closely as possible to how the standard PostgreSQL client library handles environment variables. I'd like to know if this feature is or will be there and then match their behavior.