Re: be-secure.c patch

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: PostgreSQL-patches <pgsql-patches(at)postgresql(dot)org>
Cc: Libor Hohoš <liho(at)d-prog(dot)cz>
Subject: Re: be-secure.c patch
Date: 2006-04-27 14:12:12
Message-ID: 200604271412.k3RECCj17731@candle.pha.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-patches


I am now wondering if fe-secure.c, the front-end code, should also check
for "root.crl". The attached patch implents it. Is it a good idea?

Also, if you look in interfaces/libpq/fe-secure.c at some NOT_USED
macros you can see there are a few things we don't implement. Can that
be improved?

---------------------------------------------------------------------------

> Patch adjusted and applied. Thanks.
>
> I added documentation about SSL Certificate Revocation List (CRL) files.
>
> We throw a log message of "root.crl" does exist. Perhaps we should just
> silently say nothing, but that seems dangerous.
>
> ---------------------------------------------------------------------------
>
>
>
> Libor Hoho<B9> wrote:
> > Hello PG folks,
> > the attachement contains a simple patch to adding of verification of
> client's certificate(s)
> > against CRL on server side in mutual SSL authentication.
> > The CRL file has name "root.crl" and it must be stored in PGDATA
> directory.

--
Bruce Momjian http://candle.pha.pa.us
EnterpriseDB http://www.enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +

Attachment Content-Type Size
unknown_filename text/plain 1.7 KB

Responses

Browse pgsql-patches by date

  From Date Subject
Next Message Bruce Momjian 2006-04-27 14:17:36 Re: plpython improvements
Previous Message Atsushi Ogawa 2006-04-27 12:27:54 Improvement of search for a binary operator