| From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
|---|---|
| To: | Bear Giles <bgiles(at)coyotesong(dot)com> |
| Cc: | pgsql-patches(at)postgresql(dot)org |
| Subject: | Re: SSL (patch 9) |
| Date: | 2002-06-14 04:37:02 |
| Message-ID: | 200206140437.g5E4b2F24293@candle.pha.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-patches |
Patch applied. Thanks.
---------------------------------------------------------------------------
Bear Giles wrote:
> SSL patch that adds support for optional client certificates.
>
> If the user has certificates in $HOME/.postgresql/postgresql.crt
> and $HOME/.postgresql/postgresql.key exist, they are provided
> to the server. The certificate used to sign this cert must be
> known to the server, in $DataDir/root.crt. If successful, the
> cert's "common name" is logged.
>
> Client certs are not used for authentication, but they could be
> via the port->peer (X509 *), port->peer_dn (char *) or
> port->peer_cn (char *) fields. Or any other function could be
> used, e.g., many sites like the issuer + serial number hash.
>
> Bear
Content-Description: /tmp/patch9
[ Attachment, skipping... ]
>
> ---------------------------(end of broadcast)---------------------------
> TIP 4: Don't 'kill -9' the postmaster
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2002-06-14 04:38:52 | Re: SSL (patch 10) |
| Previous Message | Bruce Momjian | 2002-06-14 04:35:14 | Re: SSL (patch 8) |