From: | Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com> |
---|---|
To: | bruce(at)momjian(dot)us |
Cc: | michael(at)paquier(dot)xyz, pgsql-hackers(at)lists(dot)postgresql(dot)org |
Subject: | Re: "cert" + clientcert=verify-ca in pg_hba.conf? |
Date: | 2020-10-05 01:25:08 |
Message-ID: | 20201005.102508.1114563385970077497.horikyota.ntt@gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
At Fri, 2 Oct 2020 22:55:45 -0400, Bruce Momjian <bruce(at)momjian(dot)us> wrote in
> On Fri, Sep 25, 2020 at 09:33:48AM +0900, Kyotaro Horiguchi wrote:
> > At Thu, 24 Sep 2020 11:43:40 -0400, Bruce Momjian <bruce(at)momjian(dot)us> wrote in
> > > On Thu, Sep 24, 2020 at 12:44:01PM +0900, Michael Paquier wrote:
> > > > On Tue, Sep 01, 2020 at 10:27:03PM -0400, Bruce Momjian wrote:
> > > > > OK, good. Let's wait a few days and I will then apply it for PG 14.
> > > >
> > > > It has been a few days, and nothing has happened here. I have not
> > > > looked at the patch in details, so I cannot say if that's fine or not,
> > > > but please note that the patch fails to apply per the CF bot.
> > >
> > > I will handle it.
> >
> > Thank you Bruce, Michael. This is a rebased version.
> >
> > regards.
> >
> > --
> > Kyotaro Horiguchi
> > NTT Open Source Software Center
>
> > >From 2978479ada887284eae0ed36c8acf29f1a002feb Mon Sep 17 00:00:00 2001
> > From: Kyotaro Horiguchi <horikyoga(dot)ntt(at)gmail(dot)com>
> > Date: Tue, 21 Jul 2020 23:01:27 +0900
> > Subject: [PATCH v2] Allow directory name for GUC ssl_crl_file and connection
> > option sslcrl
> >
> > X509_STORE_load_locations accepts a directory, which leads to
> > on-demand loading method with which method only relevant CRLs are
> > loaded.
>
> Uh, I think this CRL patch is the wrong patch. This thread is about the
> clientcert=verify-ca in pg_hba.conf. I will use the patch I developed
> and posted on Tue, 1 Sep 2020 11:47:34 -0400 in this thread.
Mmmm. Sorry for the silly mistake. I'm confused with another one.
FWIW, the cause is a rewording of "cannot" to "can not". This is the
right one.
regards.
--
Kyotaro Horiguchi
NTT Open Source Software Center
Attachment | Content-Type | Size |
---|---|---|
cert2.diff | text/x-patch | 3.4 KB |
From | Date | Subject | |
---|---|---|---|
Next Message | k.jamison@fujitsu.com | 2020-10-05 01:29:07 | RE: [Patch] Optimize dropping of relation buffers using dlist |
Previous Message | Tom Lane | 2020-10-05 01:18:24 | Re: A modest proposal: let's add PID to assertion failure messages |