
[BUGS] Bogus error message about private key (not a bug).



Discuss [BUGS] Bogus error message about private key (not a bug). in the mailing.database.pgsql-bugs forum.



Stefanos Harhalakis
 

Default [BUGS] Bogus error message about private key (not a bug). - 11-16-2004 , 12:49 PM






Hi there,

PostgreSQL 7.4.6 gives the following error message when trying to read the
private key in the case of:

-rw------- 1 root root 887 Aug 19 15:01 /var/lib/postgres/data/server.key

2004-11-13 13:04:42 [4095] FATAL: unsafe permissions on private key file
"/var/lib/postgres/data/server.key"
DETAIL: File must be owned by the database user and must have no permissions
for "group" or "other".

I believe that the checks in src/backend/libpq/be-secure.c:653 should be
performed in a different order (first the access permissions and then the
owner of the key) just to give a more appropriate message.

Thanks in advance,

<<V13>>


Tom Lane
 

Default Re: [BUGS] Bogus error message about private key (not a bug). - 11-16-2004 , 01:08 PM






Stefanos Harhalakis <v13 (AT) priest (DOT) com> writes:
> I believe that the checks in src/backend/libpq/be-secure.c:653 should be
> performed in a different order (first the access permissions and then the
> owner of the key) just to give a more appropriate message.

Changing the order of the tests wouldn't change the message, though,
'cause there's just one message. Are you suggesting more than one
message? Not sure it's worth the trouble ...

regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 3: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to majordomo (AT) postgresql (DOT) org so that your
message can get through to the mailing list cleanly


Stefanos Harhalakis
 

Default Re: [BUGS] Bogus error message about private key (not a bug). - 11-16-2004 , 10:07 PM



On Tuesday 16 November 2004 21:06, Tom Lane wrote:
> Stefanos Harhalakis <v13 (AT) priest (DOT) com> writes:
> > I believe that the checks in src/backend/libpq/be-secure.c:653 should be
> > performed in a different order (first the access permissions and then the
> > owner of the key) just to give a more appropriate message.
>
> Changing the order of the tests wouldn't change the message, though,
> 'cause there's just one message. Are you suggesting more than one
> message? Not sure it's worth the trouble ...

I meant the next error message which says "could not load private key file".
This is from SSL_CTX_use_PrivateKey_file() so something like this:

--- be-secure.c.orig 2004-11-16 22:30:35.000000000 +0200
+++ be-secure.c 2004-11-16 22:32:42.000000000 +0200
@@ -650,6 +650,11 @@
(errcode_for_file_access(),
errmsg("could not access private key file \"%s\": %m",
fnbuf)));
+ if (!SSL_CTX_use_PrivateKey_file(SSL_context, fnbuf, SSL_FILETYPE_PEM))
+ ereport(FATAL,
+ (errmsg("could not load private key file \"%s\": %s",
+ fnbuf, SSLerrmessage())));
+
if (!S_ISREG(buf.st_mode) || (buf.st_mode & (S_IRWXG | S_IRWXO)) ||
buf.st_uid != getuid())
ereport(FATAL,
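
Review bot: The added SSL_CTX_use_PrivateKey_file() call now runs before the S_ISREG / mode / owner test that follows it, so the key is opened and parsed before the file has been validated as a regular file with no group or other bits and the expected owner. Keep the validation ahead of the load; if the goal is a clearer message when the server cannot read the file, report that case separately instead of reordering.
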
@@ -658,11 +663,6 @@
fnbuf),
errdetail("File must be owned by the database user and must have no permissions for \"group\" or \"other\".")));

- if (!SSL_CTX_use_PrivateKey_file(SSL_context, fnbuf, SSL_FILETYPE_PEM))
- ereport(FATAL,
- (errmsg("could not load private key file \"%s\": %s",
- fnbuf, SSLerrmessage())));
-
if (!SSL_CTX_check_private_key(SSL_context))
ereport(FATAL,
(errmsg("check of private key failed: %s",
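
Review bot: The errdetail left in place above ("File must be owned by the database user and must have no permissions for "group" or "other"") is still the only explanation for a test with three independent conditions (not a regular file, group/other bits set, wrong owner), and moving the load does not tell the administrator which one failed. Splitting the test into separate ereport calls with one detail each would address the confusion reported at the start of the thread without moving the key load.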

could produce a more meaningful message (this places the
SSL_CTX_use_PrivateKey_file() call before the permissions check), but as you
said, this may not be worth the trouble.

There is one more thing. Perhaps you may want to apply this:

--- be-secure.c.orig 2004-11-16 22:30:35.000000000 +0200
+++ be-secure.c.2 2004-11-16 22:35:45.000000000 +0200
@@ -651,7 +651,7 @@
errmsg("could not access private key file \"%s\": %m",
fnbuf)));
if (!S_ISREG(buf.st_mode) || (buf.st_mode & (S_IRWXG | S_IRWXO)) ||
- buf.st_uid != getuid())
+ (buf.st_uid != getuid() && buf.st_uid))
ereport(FATAL,
(errcode(ERRCODE_CONFIG_FILE_ERROR),
errmsg("unsafe permissions on private key file \"%s\"",
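
Review bot: In the changed condition `(buf.st_uid != getuid() && buf.st_uid)` the root exemption depends on the implicit truth value of buf.st_uid; write it as `buf.st_uid != 0` with a comment saying root-owned keys are accepted, and update the detail text, which still says the file must be owned by the database user. The unchanged `buf.st_mode & (S_IRWXG | S_IRWXO)` test on the line above still applies to root-owned files, and with POSIX ACLs the ACL mask is reported in the group bits of st_mode, so confirm that a key carrying an ACL grant actually passes it.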

so that it will be possible to have a private key owned by root with strict
permissions where the access can be controlled by ACLs. Using the existing
method it is not possible to have root as owner and give postgresql
(and possibly others too) read permissions to the key using ACLs. I believe
that there will be cases where a server has one certificate only, for all of
its services, and the same private key must be shared between
postgresql, apache, sendmail and possibly other programs.

<<V13>>
