lib / pq

Pure Go Postgres driver for database/sql
https://pkg.go.dev/github.com/lib/pq
MIT License

Add support for sslcrl option #1048

Open Tasssadar opened 3 years ago

Tasssadar commented 3 years ago

Adds support for the certificate revocation mechanism via CRL. I have tried to mimic what libpq does when verifying CRL. Revocation logic in Go inspired by https://github.com/cloudflare/cfssl/blob/master/revoke/revoke.go#L139

I'm willing to write tests for this, but I need the private key of pq CA to generate the testing CRLs :/

maddyblue commented 3 years ago

https://github.com/lib/pq/tree/master/certs might have that key

Tasssadar commented 3 years ago

> https://github.com/lib/pq/tree/master/certs might have that key

There are only the leaf cert private keys there; the CA private key (C=US, ST=Nevada, L=Las Vegas, O=github.com/lib/pq, CN=pq CA) is needed to generate the CRL.

otan commented 2 years ago

You can recreate the keys if you want from scratch, just make sure you change them in CI as well. See: https://github.com/lib/pq/pull/1054/ Maybe we should commit the private keys this time :\
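
Added example, not code from this pull request or from lib/pq: the CRL check the PR description refers to, together with the reason the thread needs the CA private key, since a CRL is only usable once the CA has signed it. The names `testCAAndCRL` and `isRevoked` are hypothetical, and the CA is a throwaway built from a fixed seed (constructed test data); it assumes Go 1.21 or later.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// testCAAndCRL builds a throwaway CA from a fixed seed (constructed test key) and a CRL revoking one serial.
func testCAAndCRL(seed []byte, revoked *big.Int) (ca *x509.Certificate, crl []byte, err error) {
	key, now := ed25519.NewKeyFromSeed(seed), time.Now()
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "test CA"}, NotBefore: now,
		NotAfter: now.Add(time.Hour), IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	der, err := x509.CreateCertificate(rand.Reader, tpl, tpl, key.Public(), key)
	if err == nil {
		ca, err = x509.ParseCertificate(der)
	}
	if err == nil { // signing the CRL is the step that needs the CA private key
		rl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: now, NextUpdate: now.Add(time.Hour),
			RevokedCertificateEntries: []x509.RevocationListEntry{{SerialNumber: revoked, RevocationTime: now}}}
		crl, err = x509.CreateRevocationList(rand.Reader, rl, ca, key)
	}
	return ca, crl, err
}

// isRevoked trusts the CRL only if ca signed it, then looks the serial up.
func isRevoked(crlDER []byte, ca *x509.Certificate, serial *big.Int) (bool, error) {
	crl, err := x509.ParseRevocationList(crlDER)
	if err != nil {
		return false, err
	}
	if err := crl.CheckSignatureFrom(ca); err != nil {
		return false, fmt.Errorf("CRL not signed by the trusted CA: %w", err)
	}
	for _, rc := range crl.RevokedCertificateEntries {
		if rc.SerialNumber.Cmp(serial) == 0 {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	ca, crl, _ := testCAAndCRL(make([]byte, ed25519.SeedSize), big.NewInt(42))
	fmt.Println(isRevoked(crl, ca, big.NewInt(42))) // serial 42 is on the CRL
}
```

The lookup leaves out the `NextUpdate` freshness check to stay short; a caller should treat any returned error as a failed verification rather than as "not revoked".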