Re: [GENERAL] Trust intermediate CA for client certificates

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: Stephen Frost <sfrost(at)snowman(dot)net>
Cc: Craig Ringer <craig(at)2ndquadrant(dot)com>, Ian Pilcher <arequipeno(at)gmail(dot)com>, pgsql-general(at)postgresql(dot)org, tgl(at)sss(dot)pgh(dot)pa(dot)us, stellr(at)vt(dot)edu, pgsql-hackers(at)postgresql(dot)org
Subject: Re: [GENERAL] Trust intermediate CA for client certificates
Date: 2013-03-19 12:28:23
Message-ID: 20130319122823.GB1327@momjian.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general pgsql-hackers

On Tue, Mar 19, 2013 at 01:46:32AM -0400, Stephen Frost wrote:
> > I guess that suggests we should be calling this something like
> > 'ssl_authorized_client_roots'.
>
> I'm no longer convinced that this really makes sense and I'm a bit
> worried about the simple authentication issue which I thought was at the
> heart of this concern. Is there anything there that you see as being an
> issue with what we're doing currently..?

I too am worried that make SSL even more flexible will make simple setups
more complex to setup.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ It's impossible for everything to be true. +

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Stephen Frost 2013-03-19 12:39:25 Re: Trust intermediate CA for client certificates
Previous Message Albe Laurenz 2013-03-19 08:32:43 Re: Concurrent updates

Browse pgsql-hackers by date

  From Date Subject
Next Message Stephen Frost 2013-03-19 12:39:25 Re: Trust intermediate CA for client certificates
Previous Message Magnus Hagander 2013-03-19 11:49:15 Re: backward incompatible pg_basebackup and pg_receivexlog