From: | Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com> |
---|---|
To: | peter(dot)eisentraut(at)enterprisedb(dot)com |
Cc: | sfrost(at)snowman(dot)net, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Is it worth accepting multiple CRLs? |
Date: | 2021-02-18 08:06:25 |
Message-ID: | 20210218.170625.436963865465601123.horikyota.ntt@gmail.com |
Lists: | pgsql-hackers |

Thanks for committing this!

At Thu, 18 Feb 2021 08:24:23 +0100, Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com> wrote in
> On 2021-02-17 05:05, Kyotaro Horiguchi wrote:
> > The commit fe61df7f82 shot down this.
> > This patch allows a new GUC ssl_crl_dir and a new libpq connection
> > option sslcrldir to specify a CRL directory, which stores multiple files
> > that each contain one CRL. With that method the server loads only CRLs
> > for the CA of the certificate being validated.
> > Along with rebasing, the documentation is slightly reworded.
>
> Committed this.
>
> I changed the documentation a bit. Instead of having a separate
> section describing the CRL options, I put that information directly
> into the libpq and GUC sections. Some of the information, such as
> that the directory files are loaded on demand, isn't so obviously
> useful in the libpq case, so I found that a bit confusing. Also, I

Agreed.

> got the impression that the hashed directory format is sort of
> internal to OpenSSL, and there are several versions of that format, so
> I didn't want to copy over the description of these internals.
> Instead, I referred to the openssl rehash/c_rehash commands for
> information. If we get support for non-OpenSSL providers, we'll
> probably have to revisit this.

Thanks. I'm fine with that, too.

regards.

--
Kyotaro Horiguchi
NTT Open Source Software Center
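
As an added illustration (not code from the patch or from PostgreSQL), the following Python check flags files in a directory intended for ssl_crl_dir or sslcrldir that a by-hash lookup would never read. It assumes OpenSSL's `<hash>.rN` naming as produced by `openssl rehash` and does not compute the hash itself; the function names and sample file names are hypothetical.

```python
import os
import re
import tempfile

# OpenSSL's hashed-directory name for a CRL: 8 hex digits of the issuer-name
# hash, ".r", then a sequence number starting at 0 (assumed naming).
CRL_NAME = re.compile(r"^([0-9a-f]{8})\.r(\d+)$")

def audit_crl_dir(path):
    """Return (unreferenced, unreachable) for a hashed CRL directory.

    unreferenced: files that no hashed name points to, so a by-hash lookup
                  never opens them.
    unreachable:  hashed names that sit after a gap in their sequence numbers.
    """
    seqs = {}          # issuer hash -> sequence numbers present
    targets = set()    # real files reachable through a hashed name
    others = []        # entries whose own name is not in hashed form
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        m = CRL_NAME.match(name)
        if m:
            seqs.setdefault(m.group(1), set()).add(int(m.group(2)))
            targets.add(os.path.realpath(full))
        else:
            others.append(name)
    unreferenced = [n for n in others
                    if os.path.realpath(os.path.join(path, n)) not in targets]
    unreachable = []
    for h, present in sorted(seqs.items()):
        first_missing = 0
        while first_missing in present:
            first_missing += 1
        # The lookup probes .r0, .r1, ... and stops at the first missing one.
        unreachable += [f"{h}.r{n}" for n in sorted(present) if n > first_missing]
    return unreferenced, unreachable

def build_sample_dir():
    """Constructed layout: contents are placeholders, the hash is made up."""
    d = tempfile.mkdtemp(prefix="crl_dir_")
    for name in ("root_ca.crl", "old_ca.crl", "1a2b3c4d.r2"):
        with open(os.path.join(d, name), "w") as f:
            f.write("placeholder, not a real CRL\n")
    os.symlink("root_ca.crl", os.path.join(d, "1a2b3c4d.r0"))  # as rehash would
    return d

if __name__ == "__main__":
    print(audit_crl_dir(build_sample_dir()))
```

A non-empty result means some revocation data in the directory is not being consulted; re-running `openssl rehash` on the directory is the usual fix.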