| From: | Bear Giles <bgiles(at)coyotesong(dot)com> |
|---|---|
| To: | pgsql-patches(at)postgresql(dot)org |
| Subject: | SSL (patch 9) |
| Date: | 2002-05-25 08:06:55 |
| Message-ID: | 200205250806.CAA12734@eris.coyotesong.com |
| Lists: | pgsql-patches |

SSL patch that adds support for optional client certificates.
If the user has certificates in $HOME/.postgresql/postgresql.crt
and $HOME/.postgresql/postgresql.key, they are provided
to the server. The certificate used to sign this cert must be
known to the server, in $DataDir/root.crt. If successful, the
cert's "common name" is logged.

Client certs are not used for authentication, but they could be
via the port->peer (X509 *), port->peer_dn (char *) or
port->peer_cn (char *) fields. Or any other function could be
used, e.g., many sites like the issuer + serial number hash.

Bear

| Attachment | Content-Type | Size |
|---|---|---|
| patch9 | text/plain | 10.7 KB |
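
The behaviour the message describes (a client certificate is requested but optional, it must chain to the server's root.crt, and the common name, DN or an issuer + serial key is then available) shown with Python's standard `ssl` module as an added example; it is not the attached patch or PostgreSQL code. The function names, the JSON/SHA-256 construction of the issuer + serial key and the sample certificate are assumptions made for illustration.

```python
import hashlib
import json
import ssl


def optional_client_cert_context(server_crt, server_key, root_crt):
    """Server-side context: request a client certificate but do not require one."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(server_crt, server_key)
    # Only client certificates that chain to a CA in root_crt are accepted.
    ctx.load_verify_locations(cafile=root_crt)
    # CERT_OPTIONAL: a client without a certificate still connects, but a
    # certificate that is presented and fails verification aborts the handshake.
    ctx.verify_mode = ssl.CERT_OPTIONAL
    return ctx


def _flatten(name):
    """getpeercert() names are tuples of RDNs, each a tuple of (attr, value)."""
    return [(attr, value) for rdn in name for attr, value in rdn]


def peer_identity(cert):
    """Turn SSLSocket.getpeercert() output into CN, DN and an issuer+serial key."""
    if not cert:  # None: the client sent no certificate
        return None
    subject = _flatten(cert["subject"])
    issuer = _flatten(cert["issuer"])
    serial = cert["serialNumber"].upper()
    # Assumed construction: JSON keeps the issuer/serial boundary unambiguous.
    digest = hashlib.sha256(json.dumps([issuer, serial]).encode()).hexdigest()
    return {
        "cn": next((v for a, v in subject if a == "commonName"), None),
        "dn": ",".join(f"{a}={v}" for a, v in subject),
        "issuer_serial": digest,
    }


# Constructed sample in the shape getpeercert() returns for a verified peer.
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Org"),), (("commonName", "alice"),)),
    "issuer": ((("organizationName", "Example Org"),), (("commonName", "Example Root CA"),)),
    "serialNumber": "0A1B2C",
}

if __name__ == "__main__":
    print(peer_identity(SAMPLE_CERT))
```

On a live connection the input would be `conn.getpeercert()` from a socket wrapped with the context above; the issuer + serial key stays the same when a subject is renamed and changes when the certificate is reissued.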