| From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
|---|---|
| To: | PostgreSQL-patches <pgsql-patches(at)postgresql(dot)org> |
| Cc: | Libor Hohoš <liho(at)d-prog(dot)cz> |
| Subject: | Re: be-secure.c patch |
| Date: | 2006-04-27 14:12:12 |
| Message-ID: | 200604271412.k3RECCj17731@candle.pha.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-patches |
I am now wondering if fe-secure.c, the front-end code, should also check
for "root.crl". The attached patch implents it. Is it a good idea?
Also, if you look in interfaces/libpq/fe-secure.c at some NOT_USED
macros you can see there are a few things we don't implement. Can that
be improved?
---------------------------------------------------------------------------
> Patch adjusted and applied. Thanks.
>
> I added documentation about SSL Certificate Revocation List (CRL) files.
>
> We throw a log message of "root.crl" does exist. Perhaps we should just
> silently say nothing, but that seems dangerous.
>
> ---------------------------------------------------------------------------
>
>
>
> Libor Hoho<B9> wrote:
> > Hello PG folks,
> > the attachement contains a simple patch to adding of verification of
> client's certificate(s)
> > against CRL on server side in mutual SSL authentication.
> > The CRL file has name "root.crl" and it must be stored in PGDATA
> directory.
--
Bruce Momjian http://candle.pha.pa.us
EnterpriseDB http://www.enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +
| Attachment | Content-Type | Size |
|---|---|---|
| unknown_filename | text/plain | 1.7 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2006-04-27 14:17:36 | Re: plpython improvements |
| Previous Message | Atsushi Ogawa | 2006-04-27 12:27:54 | Improvement of search for a binary operator |