Skip site navigation (1) Skip section navigation (2)

Re: be-secure.c patch

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: PostgreSQL-patches <pgsql-patches(at)postgresql(dot)org>
Cc: Libor HohoŇ° <liho(at)d-prog(dot)cz>
Subject: Re: be-secure.c patch
Date: 2006-04-27 14:12:12
Message-ID: 200604271412.k3RECCj17731@candle.pha.pa.us (view raw or flat)
Thread:
Lists: pgsql-patches
I am now wondering if fe-secure.c, the front-end code, should also check
for "root.crl".  The attached patch implents it.  Is it a good idea?

Also, if you look in interfaces/libpq/fe-secure.c at some NOT_USED
macros you can see there are a few things we don't implement.  Can that
be improved?

---------------------------------------------------------------------------

> Patch adjusted and applied.  Thanks.
> 
> I added documentation about SSL Certificate Revocation List (CRL) files.
> 
> We throw a log message of "root.crl" does exist.  Perhaps we should just
> silently say nothing, but that seems dangerous.
> 
> ---------------------------------------------------------------------------
> 
> 
> 
> Libor Hoho<B9> wrote:
> >     Hello PG folks,
> > the attachement contains a simple patch to adding of verification of
> client's certificate(s)
> > against CRL on server side in mutual SSL authentication.
> > The CRL file has name "root.crl" and it must be stored in PGDATA
> directory.

-- 
  Bruce Momjian   http://candle.pha.pa.us
  EnterpriseDB    http://www.enterprisedb.com

  + If your life is a hard drive, Christ can be your backup. +

Responses

pgsql-patches by date

Next:From: Bruce MomjianDate: 2006-04-27 14:17:36
Subject: Re: plpython improvements
Previous:From: Atsushi OgawaDate: 2006-04-27 12:27:54
Subject: Improvement of search for a binary operator

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group