| From: | Kris Jurka <books(at)ejurka(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Ulrich Meis <kenobi(at)halifax(dot)rwth-aachen(dot)de>, pgsql-jdbc(at)postgresql(dot)org |
| Subject: | Re: A solution to the SSL customizing problem |
| Date: | 2004-10-11 19:53:34 |
| Message-ID: | Pine.BSO.4.56.0410111451040.19235@leary.csoft.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-jdbc |
On Mon, 11 Oct 2004, Tom Lane wrote:
> Ulrich Meis <kenobi(at)halifax(dot)rwth-aachen(dot)de> writes:
> > I propose a different solution.
>
> One small question --- have you checked that this behaves reasonably
> with both a CVS-tip postmaster and prior releases? CVS tip does do
> certificate presentation and checking, whereas that stuff was
> mistakenly disabled in 7.4. (I think all the relevant changes are
> present in 8.0beta3, but not earlier.)
>
The problem he's talking about is Java's default verification of the
server certificate by the client, not presentation of a client certificate
to be checked by the server. Currently the JDBC driver does not handle
client certificates at all.
Kris Jurka
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Kris Jurka | 2004-10-11 20:07:51 | Re: A solution to the SSL customizing problem |
| Previous Message | Barry Lind | 2004-10-11 17:59:58 | Re: datatype conversion thoughts |