From: | Julian Markwort <julian(dot)markwort(at)uni-muenster(dot)de> |
---|---|
To: | Thomas Munro <thomas(dot)munro(at)enterprisedb(dot)com> |
Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, <arne(dot)scheffer(at)uni-muenster(dot)de> |
Subject: | Re: [PATCH] pg_hba.conf : new auth option : clientcert=verify-full |
Date: | 2018-07-14 12:47:37 |
Message-ID: | permail-201807141247373cc687ad000077fb-j_mark05@message-id.uni-muenster.de |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Hi Thomas,
here's a rebased patch, with your observations corrected.
Thomas Munro wrote on 2018-07-13:
> + In this case, the <literal>CN</literal> (nommon name) provided in
> "common name"
> + <literal>CN</literal> (Common Name) in the certificate matches
> "common"? (why a capital letter here?)
I've resorted to "<literal>CN</literal> (Common Name)" on all occurences in this patch now.
Also, while writing this part of the docs, I tried to stay below 80 characters, but I've exceeded it in some places.
There are several other places (several in the .sgml files touched by this patch), where 80 characters are exceeded; How close should one adhere to that limit nowadays?
> This line isn't modified by your patch, but I saw it while in
> proof-reading mode:
> *err_msg = "clientcert can not be set to 0 when using \"cert\"
> authentication";
> I think "can not" is usually written "cannot"?
I'm not sure about can not, cannot, can't... There are 56, respectively 12697, and 2024 occurrences in master right now.
We could touch those lines now and change them to the more common cannot, or we can leave it as is...
> Yeah. The packages to install depend on your operating system, and in
> some cases (macOS, Windows?) which bolt-on package thingamajig you
> use, though. Perhaps the READMEs could be improved with details for
> systems we have reports about (like the recently added "Requirements"
> section of src/test/ldap/README).
That would be nice, however I could only provide the package names for Fedora right now...
Would It make sense to add those on their own?
Or should somebody (maybe myself, when I'm less busy) gather those for most supported systems and commit them as a whole?
kind regards
Julian
Attachment | Content-Type | Size |
---|---|---|
clientcert_verify_full_v05.patch | text/x-patch | 13.3 KB |
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2018-07-14 14:29:23 | Re: CVE-2017-7484-induced bugs, or, btree cmp functions are not leakproof? |
Previous Message | Michael Paquier | 2018-07-14 12:13:45 | Re: missing toast table for pg_policy |