-
Notifications
You must be signed in to change notification settings - Fork 119
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Read environment variables for SSL Certificate bundle #167
Comments
Hrm. Does that mean I have to read all CURLOPTs from the environment? Should I then also consider reading them from GUCs? (Still cannot remember why I stopped doing that, maybe just the bad smell after all those postgis_raster upgrade issues.) |
If you go with your plan of dynamic GUCS (#89 ) that would work too and be more comprehensive. The issue we had with postgis_raster is because since the GUCS were well defined in our code, a reload of the lib triggered a reregister of the GUCS and thus an annoying kind of alarming message. I think it only happens though if the lib names are different e.g. I noticed it when upgrading a 3.4 that had postgis-3.4.so for name to a postgis-3.5.so Can't do below in same session
But the http lib file name never changes, so I suspect the issue is moot for http extension. Also if you don't explicitly define the GUCs in the code but you look for them by name, I think that may work. I'm not sure if there is a downside to just allowing users to define anything they want http.whatever or if there is some rule, like you can't reference them if you don't define them in your code. I tried with a readonly account and seems to work fine that I can register an arbitrary http.whatever and it sticks so assume it doesn't require super user privileges, but didn't try fumbling with the http code to see if it could actually read a GUC it did not register. For my selfish reasons, I'd just like to define environment variable the CURLOPT_CAINFO since that is rarely ever known in windows and is a nuisance to have to set each time and since everything is https these days you can't get around it. |
To satisfy ogr_fdw, I can register a windows system environment variable:
CURL_CA_BUNDLE = C:\Program Files\PostgreSQL\15\ssl\certs\ca-bundle.crt
So I don't have to set it each time I need to reach a https site.
Sadly, http extension, I have to do this:
Would be nice if it could read environment variables in a similar fashion to GDAL
The text was updated successfully, but these errors were encountered: