SSL patch that adds support for optional client certificates.
If the user has certificates in $HOME/.postgresql/postgresql.crt
and $HOME/.postgresql/postgresql.key exist, they are provided
to the server. The certificate used to sign this cert must be
known to the server, in $DataDir/root.crt. If successful, the
cert's "common name" is logged.
Client certs are not used for authentication, but they could be
via the port->peer (X509 *), port->peer_dn (char *) or
port->peer_cn (char *) fields. Or any other function could be
used, e.g., many sites like the issuer + serial number hash.
pgsql-patches by date
|Next:||From: Bear Giles||Date: 2002-05-25 08:20:00|
|Subject: SSL (patch 10)|
|Previous:||From: Bear Giles||Date: 2002-05-25 06:55:07|
|Subject: SSL (patch 8 - contents)|