From: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
---|---|
To: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Allow matching whole DN from a client certificate |
Date: | 2020-11-18 18:01:09 |
Message-ID: | daf119af-60a3-54d9-978e-8c97a602ca28@dunslane.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 11/12/20 4:21 PM, Andrew Dunstan wrote:
> On 11/12/20 8:37 AM, Daniel Gustafsson wrote:
>>> On 11 Nov 2020, at 21:44, Andrew Dunstan <andrew(at)dunslane(dot)net> wrote:
>>> If people like this idea I'll add tests and docco and add it to the next CF.
>> Sounds like a good idea, please do.
>>
>> Can this case really happen in non-ancient OpenSSL version?
>> + if (!x509name)
> Probably not. I'll get rid of that.
>
>
>> Doesn't this returnpath need a pfree(peer_cn)?
>> + bio = BIO_new(BIO_s_mem());
>> + if (!bio)
>> + {
>> + return -1;
>> + }
>>
> Yeah, I'll make another pass over the cleanups.
>
OK, here's a new patch, including docco and tests.
cheers
andrew
--
Andrew Dunstan
EDB: https://www.enterprisedb.com
Attachment | Content-Type | Size |
---|---|---|
ssl-match-client-cert-dn-v2.patch | text/x-patch | 16.5 KB |
From | Date | Subject | |
---|---|---|---|
Next Message | Andres Freund | 2020-11-18 18:13:42 | Re: [Patch] Optimize dropping of relation buffers using dlist |
Previous Message | Robert Haas | 2020-11-18 17:59:01 | Re: VACUUM (DISABLE_PAGE_SKIPPING on) |