| From: | Craig Ringer <craig(at)postnewspapers(dot)com(dot)au> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-bugs <pgsql-bugs(at)postgresql(dot)org> |
| Subject: | Re: BUG #5468: Pg doesn't send accepted root CA list to client during SSL client cert request |
| Date: | 2010-05-26 02:28:00 |
| Message-ID: | 4BFC8730.3040706@postnewspapers.com.au |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
On 26/05/10 10:25, Stephen Frost wrote:
>>> In any case I'm thinking that we need to document how to set up
>>> configurations with chains of CA certs.
>>
>> Yes, and patch the server to send the list of trusted CAs to the client
>> during client certificate negotiaton to fix #5468 .
>
> Agreed.
Yeah, I'd really love to focus on the issue I reported (#5468) not an
earlier issue that was bought up during the conversation...
I'm putting together a completely self-contained test case ( database,
home-made CA, client and server SSL certs, pg_hba.conf, client
application, etc ) to demonstrate this at the moment, as I haven't been
successful in explaining it despite my best efforts.
Meanwhile, the mailing list seems to be silently eating my test program.
So: you can download it from:
executable jar with built-in usage/help:
http://www.postnewspapers.com.au/~craig/PgClientCertDemo.jar
sources and README:
http://www.postnewspapers.com.au/~craig/PgClientCertDemo.zip
Run the jar as:
java -jar PgClientCertDemo.jar
for help.
--
Craig Ringer
Tech-related writing: http://soapyfrogs.blogspot.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Craig Ringer | 2010-05-26 02:36:04 | Re: BUG #5468: Pg doesn't send accepted root CA list to client during SSL client cert request |
| Previous Message | Stephen Frost | 2010-05-26 02:25:13 | Re: BUG #5468: Pg doesn't send accepted root CA list to client during SSL client cert request |