Skip site navigation (1) Skip section navigation (2)

Re: be-secure.c patch

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: PostgreSQL-patches <pgsql-patches(at)postgresql(dot)org>
Cc: Libor HohoŇ° <liho(at)d-prog(dot)cz>
Subject: Re: be-secure.c patch
Date: 2006-04-27 14:12:12
Message-ID: (view raw or whole thread)
Lists: pgsql-patches
I am now wondering if fe-secure.c, the front-end code, should also check
for "root.crl".  The attached patch implents it.  Is it a good idea?

Also, if you look in interfaces/libpq/fe-secure.c at some NOT_USED
macros you can see there are a few things we don't implement.  Can that
be improved?


> Patch adjusted and applied.  Thanks.
> I added documentation about SSL Certificate Revocation List (CRL) files.
> We throw a log message of "root.crl" does exist.  Perhaps we should just
> silently say nothing, but that seems dangerous.
> ---------------------------------------------------------------------------
> Libor Hoho<B9> wrote:
> >     Hello PG folks,
> > the attachement contains a simple patch to adding of verification of
> client's certificate(s)
> > against CRL on server side in mutual SSL authentication.
> > The CRL file has name "root.crl" and it must be stored in PGDATA
> directory.

  Bruce Momjian

  + If your life is a hard drive, Christ can be your backup. +


pgsql-patches by date

Next:From: Bruce MomjianDate: 2006-04-27 14:17:36
Subject: Re: plpython improvements
Previous:From: Atsushi OgawaDate: 2006-04-27 12:27:54
Subject: Improvement of search for a binary operator

Privacy Policy | About PostgreSQL
Copyright © 1996-2015 The PostgreSQL Global Development Group