Skip site navigation (1) Skip section navigation (2)

Fw: be-secure.c patch

From: Libor Hohoš <liho(at)d-prog(dot)cz>
To: "Bruce Momjian" <pgman(at)candle(dot)pha(dot)pa(dot)us>
Cc: <pgsql-patches(at)postgresql(dot)org>
Subject: Fw: be-secure.c patch
Date: 2006-03-21 14:26:15
Message-ID: 00bf01c64cf3$69ce75e0$6802a8c0@kometa (view raw or flat)
Thread:
Lists: pgsql-patches
----- Original Message ----- 
From: "Libor Hohoš" <liho(at)d-prog(dot)cz>
To: "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Sent: Wednesday, August 31, 2005 10:06 AM
Subject: Re: [PATCHES] be-secure.c patch


>>> root.crT is file with X509 certificate of  Certification Authority
>>> root.crL is file with X509 Certificate Revocation List issued by this
>>> Certification Authority
>>
>> Oh, is that what it does?  Is this documented anywhere?
>
> Once more : the patch ONLY allows adding CRL (in file root.crL) to the
> proccess of verification of certificate in mutual SSL authentization
> and this proccess is managed by OpenSSL library linked with PostgreSQL.
>
> So that, if  I need SSL communication with verification of client
> certificate(s), I must copy root.crT file into PGDATA directory
> on server side (existing functionality).
> And, in this case, if  I need "better" verification of client 
> certificate(s)
> (the verification against CRL), I must :
> 1.) to apply the patch
> 2.) to copy root.crl file into PGDATA directory of PostgreSQL server
> 3.) to (re)start PostgreSQL server
>
>  Best regards
>       Libor
> 


pgsql-patches by date

Next:From: Alvaro HerreraDate: 2006-03-21 14:28:23
Subject: Re: fix of some issues with multi-line query editing
Previous:From: Bruce MomjianDate: 2006-03-21 13:54:08
Subject: Re: be-secure.c patch

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group