| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Craig Ringer <craig(at)2ndquadrant(dot)com>, Ian Pilcher <arequipeno(at)gmail(dot)com>, pgsql-general(at)postgresql(dot)org, tgl(at)sss(dot)pgh(dot)pa(dot)us, stellr(at)vt(dot)edu, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: [GENERAL] Trust intermediate CA for client certificates |
| Date: | 2013-03-19 12:28:23 |
| Message-ID: | 20130319122823.GB1327@momjian.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general pgsql-hackers |
On Tue, Mar 19, 2013 at 01:46:32AM -0400, Stephen Frost wrote:
> > I guess that suggests we should be calling this something like
> > 'ssl_authorized_client_roots'.
>
> I'm no longer convinced that this really makes sense and I'm a bit
> worried about the simple authentication issue which I thought was at the
> heart of this concern. Is there anything there that you see as being an
> issue with what we're doing currently..?
I too am worried that make SSL even more flexible will make simple setups
more complex to setup.
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ It's impossible for everything to be true. +
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2013-03-19 12:39:25 | Re: Trust intermediate CA for client certificates |
| Previous Message | Albe Laurenz | 2013-03-19 08:32:43 | Re: Concurrent updates |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2013-03-19 12:39:25 | Re: Trust intermediate CA for client certificates |
| Previous Message | Magnus Hagander | 2013-03-19 11:49:15 | Re: backward incompatible pg_basebackup and pg_receivexlog |