From a123e5b4e575b5eb3c68ae4ab87c508d341242df Mon Sep 17 00:00:00 2001
From: Joshua Brindle <joshua.brindle@crunchydata.com>
Date: Mon, 21 Jun 2021 15:25:10 -0400
Subject: [PATCH] Add defaults for sslcert, sslkey, and sslrootcert

per https://www.postgresql.org/docs/current/libpq-ssl.html
psql will use client certs located in ~/.postgresql on posix systems
or %APPDATA%\postgresql on Windows systems.
---
 defaults.go         | 13 +++++++++++++
 defaults_windows.go | 13 +++++++++++++
 2 files changed, 26 insertions(+)

diff --git a/defaults.go b/defaults.go
index d3313481..f69cad31 100644
--- a/defaults.go
+++ b/defaults.go
@@ -22,6 +22,19 @@ func defaultSettings() map[string]string {
 		settings["user"] = user.Username
 		settings["passfile"] = filepath.Join(user.HomeDir, ".pgpass")
 		settings["servicefile"] = filepath.Join(user.HomeDir, ".pg_service.conf")
+		sslcert := filepath.Join(user.HomeDir, ".postgresql", "postgresql.crt")
+		sslkey := filepath.Join(user.HomeDir, ".postgresql", "postgresql.key")
+		if _, err := os.Stat(sslcert); err == nil {
+			if _, err := os.Stat(sslkey); err == nil {
+				// Both the cert and key must be present to use them, or do not use either
+				settings["sslcert"] = sslcert
+				settings["sslkey"] = sslkey
+			}
+		}
+		sslrootcert := filepath.Join(user.HomeDir, ".postgresql", "root.crt")
+		if _, err := os.Stat(sslrootcert); err == nil {
+			settings["sslrootcert"] = sslrootcert
+		}
 	}
 
 	settings["target_session_attrs"] = "any"
diff --git a/defaults_windows.go b/defaults_windows.go
index 55243700..71eb77db 100644
--- a/defaults_windows.go
+++ b/defaults_windows.go
@@ -29,6 +29,19 @@ func defaultSettings() map[string]string {
 		settings["user"] = username
 		settings["passfile"] = filepath.Join(appData, "postgresql", "pgpass.conf")
 		settings["servicefile"] = filepath.Join(user.HomeDir, ".pg_service.conf")
+		sslcert := filepath.Join(appData, "postgresql", "postgresql.crt")
+		sslkey := filepath.Join(appData, "postgresql", "postgresql.key")
+		if _, err := os.Stat(sslcert); err == nil {
+			if _, err := os.Stat(sslkey); err == nil {
+				// Both the cert and key must be present to use them, or do not use either
+				settings["sslcert"] = sslcert
+				settings["sslkey"] = sslkey
+			}
+		}
+		sslrootcert := filepath.Join(appData, "postgresql", "root.crt")
+		if _, err := os.Stat(sslrootcert); err == nil {
+			settings["sslrootcert"] = sslrootcert
+		}
 	}
 
 	settings["target_session_attrs"] = "any"