Re: ssl_crl_file Certificate Revocation List doesn't work for postgresql 11

From: Yi Sun <yinan81(at)gmail(dot)com>
To: Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: ssl_crl_file Certificate Revocation List doesn't work for postgresql 11
Date: 2021-12-01 08:56:11
Message-ID: CABWY_HBYO3sYs5o1PSPmDKdGrPJDWpz1fpKShaB03ZGyJz94UQ@mail.gmail.com
Lists: pgsql-general

Hi Kyotaro,

We want to revoke the server certificate, but just don't know why it doesn't
take effect.
https://www.postgresql.org/docs/11/ssl-tcp.html
https://www.postgresql.org/docs/11/runtime-config-connection.html#GUC-SSL-CRL-FILE

Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com> wrote on Wed, Dec 1, 2021 at 2:12 PM:

> At Tue, 30 Nov 2021 21:53:06 +0800, Yi Sun <yinan81(at)gmail(dot)com> wrote in
> > # cat /home/sunyi/tls/root.crt /home/sunyi/tls/1/root.crl > /tmp/test_1.pem
> > # openssl verify -extended_crl -verbose -CAfile /tmp/test_1.pem -crl_check /home/sunyi/tls/1/server.crt
>
> I guess what you really wanted to revoke was not server.crt but
> postgresql.crt.
>
> regards.
>
> --
> Kyotaro Horiguchi
> NTT Open Source Software Center
>
