| From: | Yi Sun <yinan81(at)gmail(dot)com> |
|---|---|
| To: | Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: ssl_crl_file Certificate Revocation List doesn't work for postgresql 11 |
| Date: | 2021-12-02 03:31:26 |
| Message-ID: | CABWY_HCjmzoGB1chrJXG6otCVdg9teuW-UJr4afeSjjRZZKxFA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hi Kyotaro
From the description, seems ~/.postgresql/root.crl is store client
revoked certificate
https://www.postgresql.org/docs/11/libpq-ssl.html
~/.postgresql/root.crl certificates revoked by certificate authorities server
certificate must not be on this list
Just don't know why server parameter ssl_crl_file parameter configured but
don't take affect
https://www.postgresql.org/docs/11/runtime-config-connection.html#GUC-SSL-CRL-FILE
ssl_crl_file (string)
Specifies the name of the file containing the SSL server certificate
revocation list (CRL). Relative paths are relative to the data directory.
This parameter can only be set in the postgresql.conf file or on the server
command line. The default is empty, meaning no CRL file is loaded.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Rob Sargent | 2021-12-02 03:54:20 | Re: Max connections reached without max connections reached |
| Previous Message | Michael Lewis | 2021-12-02 02:08:08 | Re: Max connections reached without max connections reached |