Re: Allow matching whole DN from a client certificate

From: Daniel Gustafsson <daniel(at)yesql(dot)se>
To: Andrew Dunstan <andrew(at)dunslane(dot)net>
Cc: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Allow matching whole DN from a client certificate
Date: 2020-11-12 13:37:39
Message-ID: 9930F01C-7DA7-444B-818F-3C03DF9A3A90@yesql.se
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

> On 11 Nov 2020, at 21:44, Andrew Dunstan <andrew(at)dunslane(dot)net> wrote:

> If people like this idea I'll add tests and docco and add it to the next CF.

Sounds like a good idea, please do.

Can this case really happen in non-ancient OpenSSL version?
+ if (!x509name)

Doesn't this returnpath need a pfree(peer_cn)?
+ bio = BIO_new(BIO_s_mem());
+ if (!bio)
+ {
+ return -1;
+ }

cheers ./daniel

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Alvaro Herrera 2020-11-12 13:40:43 Re: PATCH: Batch/pipelining support for libpq
Previous Message Andrew Gierth 2020-11-12 13:35:31 Re: Strange GiST logic leading to uninitialized memory access in pg_trgm gist code