How to connect cl+ssl with host ca verification?
Sabra Crolleton
sabra.crolleton at gmail.com
Wed Mar 23 00:50:12 UTC 2022
Postmodern uses cl+ssl and I do not see cl+ssl using a root ca. Maybe I am
missing something in that library?
On Mon, Mar 21, 2022 at 9:37 PM Tim Hawes <trhawes at gmail.com> wrote:
> Sorry Sabra, I didn't intend to reply to you directly.
>
> ---------- Forwarded message ---------
> From: Tim Hawes <trhawes at gmail.com>
> Date: Mon, Mar 21, 2022 at 9:35 PM
> Subject: Re: How to connect cl+ssl with host ca verification?
> To: Sabra Crolleton <sabra.crolleton at gmail.com>
>
>
> That works, but it looks like the root ca has to be added to the system.
> If using psql I could specify where all the certs I want to use to connect
> with like so:
>
> $>psql "port=5432 host=localhost user=postgres sslcert=./test/client.crt
> sslkey=./test/client.key sslrootcert=./test/server.crt sslmode=verify-full"
> Is there an equivalent in Postmodern?
>
> On Mon, Mar 21, 2022 at 8:36 PM Sabra Crolleton <sabra.crolleton at gmail.com>
> wrote:
>
>> The cl-postgres (open-database ...) function has :use-ssl as a key
>> parameter where the parameter values:
>>
>> - :try means if the server supports it
>> - :require means use provided ssl certificate with no verification
>> - :yes means verify that the server cert is issued by a trusted CA,
>> but does not verify the server hostname
>> - :full means expect a CA-signed cert for the supplied hostname and
>> verify the server hostname
>>
>> This is mirrored in the postmodern (connect ...) function.
>>
>> If I understand your question correctly, you want to use :full as the
>> parameter passed to :use-ssl. E.g.
>>
>>     (connect "test_db" "test-user" "test-password" "192.168.5.223"
>>              :port 5434 :pooled-p t :use-ssl :full)
>>
>> But maybe I am not understanding your question correctly.
>>
>> Sabra
>>
>> On Mon, Mar 21, 2022 at 7:50 PM Tim Hawes <trhawes at gmail.com> wrote:
>>
>>> I am not finding any helpful information in how to connect to PostgreSQL
>>> using client key/client cert and a root ca for verifying the host with
>>> Postmodern. Can someone send me an example?
>>>
>>