ruby on rails - pg gem sslmode=verify-full, where to place certificates? -

-

is there way pg-gem use sslmode = verify-full it's postgres connection? simple passing string in? have rails app want full ca protected ssl connections on external db , don't know how setup ca part of that. using require on sslmode defaults use ssl traffic don't know (or under user, etc.) should placing certificates verification. should place them under ~/.postgresql/ in normal psql client workflow verified ssl certs names root.crt , postgresql.cert , postgresql.key?

i'm using postgres 9.1 if helps @ all.

edit come later:

the following database.yml file seems work test on dev machine. i'll writing blog post on issue sure since such pita figure out going wrong.

  host: 127.0.0.1   sslcert: <%= rails.root.join('config', 'client.crt') %>   sslkey: <%= rails.root.join('config', 'client.key') %>   sslrootcert: <%= rails.root.join('config', 'root.crt') %>   sslmode: verify-full   database: pg-test_development   username: postgres   password:

the pg gem uses libpq internally, same client library postgresql tools psql.

by default libpq looks in ~/.postgresql/ ca certificate.

from the manual:

to allow server certificate verification, certificate(s) of 1 or more trusted cas must placed in file ~/.postgresql/root.crt in user's home directory. (on microsoft windows file named %appdata%\postgresql\root.crt.)

... , ...

the location of root certificate file , crl can changed setting connection parameters sslrootcert , sslcrl [...]

afaik rails passes put in database.yml pg gem, passes libpq connection parameter. should able add key/value entries database.yml stanzas like:

sslmode: verify-full # , if don't want use ~/.postgresq/root.crt cert location, set: sslrootcert: /path/to/my/app/root/cert.crt

imo requirement pass single root cert libpq design flaw. should load trusted certificate database. similar issues exist use of ssl client certificates, can't supply keystore , cert store, must pass specific files given host. sounds that's ok since know upstream certificate signing authority.


Comments

Post a Comment

Popular posts from this blog

android - Gradle sync Error:Configuration with name 'default' not found -

-
i want add external library guillotinemenu-android in application. followed steps given in upvoted answer existing question how add library project android studio? facing error when try build project after step 6 i.e. when added dependency in app/build.gradle compile project(":guillotinemenu") . tried stackoverflow links related error not working out. have made folder named libs in app directory , copied project folder guillotine menu there. here build.gradle(module:app) file apply plugin: 'com.android.application' android { compilesdkversion 22 buildtoolsversion "22.0.1" defaultconfig { applicationid "com.sunshine.bbreaker.appet_i" minsdkversion 14 targetsdkversion 22 versioncode 1 versionname "1.0" } buildtypes { release { minifyenabled false proguardfiles getdefaultproguardfile('proguard-android.txt'), 'proguard-rules.p
Read more

java - Andrioid studio start fail: Fatal error initializing 'null' -

-
i don't know happened android studio,when start ,it shows me error message below. , try uninstall/reinstall it,but doesn't work.who can me!!! internal error. please report https://code.google.com/p/android/issues java.lang.runtimeexception: com.intellij.ide.plugins.pluginmanager$startupabortedexception: fatal error initializing 'null' @ com.intellij.idea.ideaapplication.run(ideaapplication.java:178) @ com.intellij.idea.mainimpl$1$1$1.run(mainimpl.java:52) @ java.awt.event.invocationevent.dispatch(invocationevent.java:209) @ java.awt.eventqueue.dispatcheventimpl(eventqueue.java:715) @ java.awt.eventqueue.access$400(eventqueue.java:82) @ java.awt.eventqueue$2.run(eventqueue.java:676) @ java.awt.eventqueue$2.run(eventqueue.java:674) @ java.security.accesscontroller.doprivileged(native method) @ java.security.accesscontrolcontext$1.dointersectionprivilege(accesscontrolcontext.java:86) @ java.awt.eventqueue.dispatchevent(eventqu
Read more

html - jQuery UI Sortable - Remove placeholder after item is dropped -

-
i'm trying nested sortable , i'm kind'a succeeding, there's 1 small little inconvenience bugs me. i want placeholder disappear after i've dropped dragged item (on mouseup) , can't quite figure out how it. i want because when sort downwards, deletion of placeholder affects parent's height, in turn creates small bug, check jsfiddle here. html <div class="container"> <h1>menu</h1> <ul class="list-group striped nest"> <li class="list-group-item">home <ul class="list-group striped nest"></ul></li> <li class="list-group-item">about <ul class="list-group striped nest"></ul></li> <li class="list-group-item"> services <ul class="list-group striped nest"> <li class="list-group-item">design <ul class=
Read more