Before this commit clusters created with a version lower than 8.1.0
would not have SSL enabled by default. This changes that to enable it by
default always. The only difference is that old clusters (created before
8.1.0), will have "sslmode=prefer" in their `citus.node_conninfo`
setting. New clusters will have "sslmode=require". These settings are
equivalent from an attackers point of view. They both protect against
passive eavesdropping, but are vulnerable to an active MITM attack.
Semmle reported quite some places where we use a value that could be NULL. Most of these are not actually a real issue, but better to be on the safe side with these things and make the static analysis happy.
When using --allow-group-access option from initdb our keys and
certificates would be created with 0640 permissions. Which is a pretty
serious security issue: This changes that. This would not be exploitable
though, since postgres would not actually enable SSL and would output
the following message in the logs:
```
DETAIL: File must have permissions u=rw (0600) or less if owned by the database user, or permissions u=rw,g=r (0640) or less if owned by root.
```
Since citus still expected the cluster to have SSL enabled handshakes
between workers and coordinator would fail. So instead of a security
issue the cluster would simply be unusable.
Jelte Fennema
SaitTalhaNisanci
Nils Dijk
Nils Dijk