On 26/05/10 11:01, Tom Lane wrote:
> In principle, you could have the server and clients using totally
> nonoverlapping sets of trusted CAs (nonoverlapping root.crt lists),
> as long as each can chain its identity up to a CA the other trusts.
> So it's all nice and symmetrical.
... and it's exactly this cases that confuses keystore based clients
that may have multiple certs installed.
See the self-contained test case here:
... which includes a Pg datadir and configuration, the certificate
authority, the certificates, a detailed log of test case setup, the test
programs, logs of test output along with explanation of those logs, etc.
Tech-related writing: http://soapyfrogs.blogspot.com/
In response to
pgsql-bugs by date
|Next:||From: Daniele Varrazzo||Date: 2010-05-26 11:58:15|
|Subject: Re: BUG #5469: regexp_matches() has poor behaviour and more poor documentation|
|Previous:||From: Mark Kirkwood||Date: 2010-05-26 04:14:02|
|Subject: Re: BUG #5469: regexp_matches() has poor behaviour and more