| From: | momjian(at)postgresql(dot)org (Bruce Momjian - CVS) |
|---|---|
| To: | pgsql-committers(at)postgresql(dot)org |
| Subject: | pgsql/src backend/libpq/be-secure.c include/li ... |
| Date: | 2002-06-14 04:36:58 |
| Message-ID: | 20020614043658.86A96476FFE@postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
CVSROOT: /cvsroot
Module name: pgsql
Changes by: momjian(at)postgresql(dot)org 02/06/14 00:36:58
Modified files:
src/backend/libpq: be-secure.c
src/include/libpq: libpq-be.h
src/interfaces/libpq: fe-secure.c
Log message:
SSL patch that adds support for optional client certificates.
If the user has certificates in $HOME/.postgresql/postgresql.crt
and $HOME/.postgresql/postgresql.key exist, they are provided
to the server. The certificate used to sign this cert must be
known to the server, in $DataDir/root.crt. If successful, the
cert's "common name" is logged.
Client certs are not used for authentication, but they could be
via the port->peer (X509 *), port->peer_dn (char *) or
port->peer_cn (char *) fields. Or any other function could be
used, e.g., many sites like the issuer + serial number hash.
Bear Giles
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian - CVS | 2002-06-14 04:38:04 | pgsql/src backend/libpq/be-secure.c interfaces ... |
| Previous Message | Bruce Momjian - CVS | 2002-06-14 04:35:02 | pgsql/src/backend/libpq be-secure.c |