| From: | Libor Hohoš <liho(at)d-prog(dot)cz> |
|---|---|
| To: | "Bruce Momjian" <pgman(at)candle(dot)pha(dot)pa(dot)us> |
| Cc: | <pgsql-patches(at)postgresql(dot)org> |
| Subject: | Fw: be-secure.c patch |
| Date: | 2006-03-21 14:26:15 |
| Message-ID: | 00bf01c64cf3$69ce75e0$6802a8c0@kometa |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-patches |
----- Original Message -----
From: "Libor Hohoš" <liho(at)d-prog(dot)cz>
To: "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Sent: Wednesday, August 31, 2005 10:06 AM
Subject: Re: [PATCHES] be-secure.c patch
>>> root.crT is file with X509 certificate of Certification Authority
>>> root.crL is file with X509 Certificate Revocation List issued by this
>>> Certification Authority
>>
>> Oh, is that what it does? Is this documented anywhere?
>
> Once more : the patch ONLY allows adding CRL (in file root.crL) to the
> proccess of verification of certificate in mutual SSL authentization
> and this proccess is managed by OpenSSL library linked with PostgreSQL.
>
> So that, if I need SSL communication with verification of client
> certificate(s), I must copy root.crT file into PGDATA directory
> on server side (existing functionality).
> And, in this case, if I need "better" verification of client
> certificate(s)
> (the verification against CRL), I must :
> 1.) to apply the patch
> 2.) to copy root.crl file into PGDATA directory of PostgreSQL server
> 3.) to (re)start PostgreSQL server
>
> Best regards
> Libor
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Herrera | 2006-03-21 14:28:23 | Re: fix of some issues with multi-line query editing |
| Previous Message | Bruce Momjian | 2006-03-21 13:54:08 | Re: be-secure.c patch |