Skip site navigation (1) Skip section navigation (2)

SSL (patch 9)

From: Bear Giles <bgiles(at)coyotesong(dot)com>
To: pgsql-patches(at)postgresql(dot)org
Subject: SSL (patch 9)
Date: 2002-05-25 08:06:55
Message-ID: 200205250806.CAA12734@eris.coyotesong.com (view raw or flat)
Thread:
Lists: pgsql-patches
SSL patch that adds support for optional client certificates.

If the user has certificates in $HOME/.postgresql/postgresql.crt
and $HOME/.postgresql/postgresql.key exist, they are provided
to the server.  The certificate used to sign this cert must be
known to the server, in $DataDir/root.crt.  If successful, the
cert's "common name" is logged.

Client certs are not used for authentication, but they could be
via the port->peer (X509 *), port->peer_dn (char *) or
port->peer_cn (char *) fields.  Or any other function could be
used, e.g., many sites like the issuer + serial number hash.

Bear

Responses

pgsql-patches by date

Next:From: Bear GilesDate: 2002-05-25 08:20:00
Subject: SSL (patch 10)
Previous:From: Bear GilesDate: 2002-05-25 06:55:07
Subject: SSL (patch 8 - contents)

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group