Quick Links

Re: Allow matching whole DN from a client certificate

From:	Andrew Dunstan <andrew(at)dunslane(dot)net>
To:	Daniel Gustafsson <daniel(at)yesql(dot)se>
Cc:	PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject:	Re: Allow matching whole DN from a client certificate
Date:	2020-11-12 21:21:18
Message-ID:	36758457-be5d-89a1-6e47-f494b088a2d4@dunslane.net
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

On 11/12/20 8:37 AM, Daniel Gustafsson wrote:
>> On 11 Nov 2020, at 21:44, Andrew Dunstan <andrew(at)dunslane(dot)net> wrote:
>> If people like this idea I'll add tests and docco and add it to the next CF.
> Sounds like a good idea, please do.
>
> Can this case really happen in non-ancient OpenSSL version?
> + if (!x509name)

Probably not. I'll get rid of that.

> Doesn't this returnpath need a pfree(peer_cn)?
> + bio = BIO_new(BIO_s_mem());
> + if (!bio)
> + {
> + return -1;
> + }
>

Yeah, I'll make another pass over the cleanups.

Thanks for reviewing.

cheers

andrew

--
Andrew Dunstan
EDB: https://www.enterprisedb.com

In response to

Re: Allow matching whole DN from a client certificate at 2020-11-12 13:37:39 from Daniel Gustafsson

Responses

Re: Allow matching whole DN from a client certificate at 2020-11-18 18:01:09 from Andrew Dunstan

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Peter Geoghegan	2020-11-12 22:00:07	Re: Deleting older versions in unique indexes to avoid page splits
Previous Message	Justin Pryzby	2020-11-12 21:11:43	Re: Add important info about ANALYZE after create Functional Index