Read environment variables for SSL Certificate bundle #167

Open
robe2 opened this issue Aug 20, 2023 · 2 comments

Comments

@robe2
Contributor

robe2 commented Aug 20, 2023

To satisfy ogr_fdw, I can register a Windows system environment variable:

CURL_CA_BUNDLE = C:\Program Files\PostgreSQL\15\ssl\certs\ca-bundle.crt

So I don't have to set it each time I need to reach an https site.

Sadly, with the http extension, I have to do this:

SELECT http_set_curlopt('CURLOPT_CAINFO', 'C:\Program Files\PostgreSQL\15\ssl\certs\ca-bundle.crt');
SELECT http_get('https://postgis.net');

Would be nice if it could read environment variables in a similar fashion to GDAL.

@pramsey
Owner

pramsey commented Aug 20, 2023

Hrm. Does that mean I have to read all CURLOPTs from the environment? Should I then also consider reading them from GUCs? (Still cannot remember why I stopped doing that, maybe just the bad smell after all those postgis_raster upgrade issues.)

@robe2
Contributor Author

robe2 commented Aug 22, 2023

If you go with your plan of dynamic GUCs (#89), that would work too and be more comprehensive.

The issue we had with postgis_raster is that, since the GUCs were well defined in our code, a reload of the lib triggered a re-register of the GUCs and thus an annoying, kind of alarming message. I think it only happens, though, if the lib names are different, e.g. I noticed it when upgrading a 3.4 that had postgis-3.4.so for a name to a postgis-3.5.so.

Can't do the below in the same session:

SELECT postgis_full_version();
SELECT postgis_extensions_upgrade();

But the http lib file name never changes, so I suspect the issue is moot for the http extension.

Also if you don't explicitly define the GUCs in the code but you look for them by name, I think that may work.

I'm not sure if there is a downside to just allowing users to define anything they want as http.whatever, or if there is some rule, like you can't reference them if you don't define them in your code.

I tried with a read-only account and it seems to work fine: I can register an arbitrary http.whatever and it sticks, so I assume it doesn't require superuser privileges, but I didn't try fumbling with the http code to see if it could actually read a GUC it did not register.

For my selfish reasons, I'd just like to define an environment variable for CURLOPT_CAINFO, since that is rarely ever known on Windows and is a nuisance to have to set each time, and since everything is https these days you can't get around it.
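
Added example (not part of the thread and not code from the http extension): one way the requested behaviour could be implemented in C, resolving `CURL_CA_BUNDLE` from the server process environment and accepting it only when it names a readable regular file. The helper names and result codes are hypothetical, the check uses POSIX `stat`, and the libcurl call itself is left as a comment.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/* Hypothetical helpers for illustration; not functions from pgsql-http. */
enum { CA_OK = 0, CA_UNSET, CA_TOO_LONG, CA_NOT_FILE, CA_UNREADABLE };

/* Accept `val` as a CA bundle only if it is a readable regular file. */
int ca_bundle_check(const char *val, char *out, size_t outlen)
{
    struct stat st;
    FILE *fp;

    if (val == NULL || val[0] == '\0')
        return CA_UNSET;
    if (strlen(val) >= outlen)
        return CA_TOO_LONG;     /* never truncate a trust-anchor path */
    if (stat(val, &st) != 0 || !S_ISREG(st.st_mode))
        return CA_NOT_FILE;     /* missing, or a directory */
    if ((fp = fopen(val, "rb")) == NULL)
        return CA_UNREADABLE;   /* the server account cannot open it */
    fclose(fp);
    strcpy(out, val);
    return CA_OK;
}

/* Look the bundle up in the server process environment. */
int ca_bundle_from_env(const char *name, char *out, size_t outlen)
{
    return ca_bundle_check(getenv(name), out, outlen);
}

int main(void)
{
    char path[1024];
    int rc = ca_bundle_from_env("CURL_CA_BUNDLE", path, sizeof path);

    if (rc == CA_OK)
        /* Assumed integration point: an extension would hand `path` to
         * CURLOPT_CAINFO here. No libcurl call is made in this example. */
        printf("CURLOPT_CAINFO <- %s\n", path);
    else
        printf("CURL_CA_BUNDLE unusable (code %d); libcurl default kept\n", rc);
    return 0;
}
```

Rejecting an unusable value and keeping libcurl's default avoids a silently misconfigured trust store; certificate verification itself stays enabled in every branch.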
