From: | Craig Perras <cperras(at)u(dot)washington(dot)edu> |
---|---|
To: | pgsql-admin(at)postgresql(dot)org |
Subject: | ssl-info, enforcing list of common-names |
Date: | 2008-10-01 17:10:16 |
Message-ID: | Pine.LNX.4.64.0810011006340.19163@homer24.u.washington.edu |
Lists: | pgsql-admin |
Hi -
A couple things. I noticed that these two functions return NULL (or empty
string):
select ssl_issuer_dn();
select ssl_client_dn();
However, I can get specific fields:
select '/CN=' || ssl_issuer_field('commonName')
|| '/C=' || ssl_issuer_field('countryName')
|| '/O=' || ssl_issuer_field('organizationName')
;
--returns "/CN=UW Services CA/C=US/O=University of Washington"
I'm thinking of using an authorization scheme in which I check a list of
valid certificate common-names, and, if the current client has no cert or
is not in the list, they have no access (maybe force a logout). Is this
feasible and/or advisable? I'll only have a single trusted CA.
Any help is appreciated!
thanks,
--craig
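
The allow-list check asked about in the message above, as an added example that is not part of the original post and not PostgreSQL project code. It assumes the contrib sslinfo functions and the table live in the `public` schema; the table and function names (`allowed_client_cn`, `require_allowed_cn`) and the sample rows are hypothetical.

```sql
-- Assumption: the contrib sslinfo module is installed in schema public.
-- Hypothetical names: allowed_client_cn, require_allowed_cn.

-- Which certificate common name may connect as which database role.
CREATE TABLE allowed_client_cn (
    common_name text NOT NULL,
    db_role     name NOT NULL,
    PRIMARY KEY (common_name, db_role)
);
REVOKE ALL ON allowed_client_cn FROM PUBLIC;

-- Constructed sample entries.
INSERT INTO allowed_client_cn VALUES ('alice.example.edu', 'alice');
INSERT INTO allowed_client_cn VALUES ('reports.example.edu', 'report_reader');

CREATE OR REPLACE FUNCTION require_allowed_cn() RETURNS text AS $$
DECLARE
    cn text;
BEGIN
    -- Fail closed: no TLS, or TLS without a client certificate, is rejected.
    IF NOT ssl_is_used() OR NOT ssl_client_cert_present() THEN
        RAISE EXCEPTION 'access denied: no client certificate presented';
    END IF;

    cn := ssl_client_dn_field('commonName');

    -- A NULL CN matches no row, so a certificate without a CN is rejected too.
    -- session_user is the login role even inside a SECURITY DEFINER function.
    PERFORM 1
       FROM allowed_client_cn
      WHERE common_name = cn
        AND db_role = session_user;
    IF NOT FOUND THEN
        RAISE EXCEPTION 'access denied: certificate CN % is not allowed for role %',
            coalesce(cn, '<none>'), session_user;
    END IF;

    RETURN cn;
END;
$$ LANGUAGE plpgsql STABLE SECURITY DEFINER
   SET search_path = public, pg_temp;

-- Call at the start of a session, or from inside the functions and views
-- that guard sensitive data.
SELECT require_allowed_cn();
```

The exception aborts only the calling statement: the session is already authenticated by the time this runs, so the check protects only the code paths that call it and does not disconnect the client.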