Re: [PATCH] Log details for client certificate failures

From: Graham Leggett <minfrin(at)sharp(dot)fm>
To: Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com>
Cc: pgsql-hackers(at)postgresql(dot)org, Jacob Champion <jchampion(at)timescale(dot)com>
Subject: Re: [PATCH] Log details for client certificate failures
Date: 2022-06-30 09:53:58
Message-ID: 6EE6999E-0174-4B74-AC70-BE13F53E6827@sharp.fm
Lists: pgsql-hackers

On 30 Jun 2022, at 10:43, Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com> wrote:

> I wrote that pg_stat_ssl uses the *issuer* plus serial number to identify a certificate. What your patch shows is the subject and the serial number, which isn't the same thing. Let's get that sorted out one way or the other.

Quick observation on this one, the string format of an issuer and serial number is defined as a “Certificate Exact Assertion” in RFC 4523.

I added this to httpd a while back:

SSL_CLIENT_CERT_RFC4523_CEA

It would be good to interoperate.

Regards,
Graham
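
An added example, not part of the original message and not code from httpd or PostgreSQL: C functions that build the RFC 4523 Certificate Exact Assertion string (serial number plus issuer) referred to above. The serial is written in decimal because the assertion's serialNumber is an ASN.1 INTEGER, while tools often print it in hex. Assumptions: the function names are hypothetical, the serial arrives as unsigned hex text, and the issuer DN is already in RFC 4514 string form.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hex serial ("04D2" or "04:D2") to decimal text. Serials can be 20 octets,
 * so the value is kept as little-endian decimal digits, not a native int. */
static int hex_serial_to_decimal(const char *hex, char *out, size_t outlen)
{
    unsigned char dec[64] = {0};
    size_t ndec = 1, seen = 0, i;
    for (int c; (c = tolower((unsigned char)*hex)) != 0; hex++) {
        if (c == ':') continue;
        if (!isxdigit(c)) return -1;
        int carry = isdigit(c) ? c - '0' : c - 'a' + 10;
        for (i = 0; i < ndec; i++) {          /* dec = dec * 16 + nibble */
            int v = dec[i] * 16 + carry;
            dec[i] = (unsigned char)(v % 10);
            carry = v / 10;
        }
        for (; carry; carry /= 10) {
            if (ndec == sizeof dec) return -1;
            dec[ndec++] = (unsigned char)(carry % 10);
        }
        seen++;
    }
    if (!seen || ndec + 1 > outlen) return -1;
    for (i = 0; i < ndec; i++) out[i] = (char)('0' + dec[ndec - 1 - i]);
    out[ndec] = '\0';
    return 0;
}

/* Writes { serialNumber <decimal>, issuer rdnSequence:"<DN>" } into out.
 * GSER (RFC 3641) escapes a double quote inside the string by doubling it. */
int format_cea(const char *hex_serial, const char *issuer_dn, char *out, size_t outlen)
{
    char dec[72];
    if (hex_serial_to_decimal(hex_serial, dec, sizeof dec) != 0) return -1;
    int n = snprintf(out, outlen, "{ serialNumber %s, issuer rdnSequence:\"", dec);
    if (n < 0 || (size_t)n >= outlen) return -1;
    size_t pos = (size_t)n;
    for (; *issuer_dn; issuer_dn++) {
        if (pos + 2 >= outlen) return -1;     /* room for a doubled quote */
        if (*issuer_dn == '"') out[pos++] = '"';
        out[pos++] = *issuer_dn;
    }
    if (pos + 4 > outlen) return -1;
    memcpy(out + pos, "\" }", 4);
    return 0;
}
```

Both functions return 0 on success and -1 on malformed input or a buffer that is too small, so a caller can fall back to logging the raw fields.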
