The PostgreSQL 42.6.0 driver does not support ECDSA (Elliptic Curve Digital Signature Algorithm) #132758

Open
SUNsung opened this issue Oct 16, 2024 · 3 comments
Labels
A-docs branch-master Failures and bugs on the master branch. C-bug Code not up to spec/doc, specs & docs deemed correct. Solution expected to change code/behavior. O-community Originated from the community T-product-security

Comments


SUNsung commented Oct 16, 2024

Describe the problem

I encountered an issue where Go (and CockroachDB) works fine with any kind of certificates, but when trying to connect a 3rd party application (JetBrains), I ran into cryptography problems.

To Reproduce

I followed the instructions from the CockroachDB documentation, but it didn't work as expected. Six hours later, I discovered it was a PostgreSQL driver issue (version 42.2 to 42.6, I haven’t tested earlier versions). Through experimentation, I found that the driver only works with RSA cryptography.

Expected behavior

It would be helpful if this was mentioned in the documentation.

Environment:

  • CockroachDB version v23.1.28
  • Server OS: Docker
  • Client app: intellij-idea

Also there are questions about cryptography that I haven't found in the documentation:

  1. Is it possible to update the certificate without restarting the node (especially for the CA)?
  2. How can I disable TLS for the webserver (port 8080) without disabling TLS for everything else?
  3. How can I run the node without a webserver, just as part of a cluster?

Jira issue: CRDB-43267

@SUNsung SUNsung added the C-bug Code not up to spec/doc, specs & docs deemed correct. Solution expected to change code/behavior. label Oct 16, 2024

blathers-crl bot commented Oct 16, 2024

Hi @SUNsung, please add branch-* labels to identify which branch(es) this C-bug affects.

🦉 Hoot! I am a Blathers, a bot for CockroachDB. My owner is dev-inf.


blathers-crl bot commented Oct 16, 2024

Hello, I am Blathers. I am here to help you get the issue triaged.

Hoot - a bug! Though bugs are the bane of my existence, rest assured the wretched thing will get the best of care here.

I was unable to automatically find someone to ping.

If we have not gotten back to your issue within a few business days, you can try the following:

  • Join our community Slack channel and ask on #cockroachdb.
  • Try to find someone from here if you know they worked closely on the area and CC them.

🦉 Hoot! I am a Blathers, a bot for CockroachDB. My owner is dev-inf.

@blathers-crl blathers-crl bot added O-community Originated from the community X-blathers-untriaged blathers was unable to find an owner labels Oct 16, 2024
@jeffswenson jeffswenson added T-sql-foundations SQL Foundations Team (formerly SQL Schema + SQL Sessions) A-docs T-server-and-security DB Server & Security and removed T-sql-foundations SQL Foundations Team (formerly SQL Schema + SQL Sessions) labels Oct 17, 2024
@souravcrl
Contributor

For 1, it is possible, but only for the case where we are running the nodes directly and not using k8s, using SIGHUP: https://www.cockroachlabs.com/docs/v23.2/rotate-certificates#rotate-the-ca-certificate

@yuzefovich yuzefovich removed the X-blathers-untriaged blathers was unable to find an owner label Oct 29, 2024
@exalate-issue-sync exalate-issue-sync bot added the branch-master Failures and bugs on the master branch. label Oct 30, 2024