| From: | Jacob Champion <jchampion(at)timescale(dot)com> |
|---|---|
| To: | Graham Leggett <minfrin(at)sharp(dot)fm> |
| Cc: | Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [PATCH] Log details for client certificate failures |
| Date: | 2022-07-01 20:59:42 |
| Message-ID: | CAAWbhmiKmsRhMCvGqjyNrb-eSivgK2UtH8DOMZ3E-2Zu9Lu-LQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Jun 30, 2022 at 2:54 AM Graham Leggett <minfrin(at)sharp(dot)fm> wrote:
>
> I added this to httpd a while back:
>
> SSL_CLIENT_CERT_RFC4523_CEA
>
> It would be good to interoperate.
What kind of interoperation did you have in mind? Are there existing
tools that want to scrape this information for observability?
I think the CEA syntax might not be a good fit for this particular
patch: first, we haven't actually verified the certificate, so no one
should be using it to assert certificate equality (and I'm truncating
the Issuer anyway, to avoid letting someone flood the logs). Second,
this is designed to be human-readable rather than machine-readable.
Thanks,
--Jacob
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2022-07-01 21:06:15 | Re: EINTR in ftruncate() |
| Previous Message | Jacob Champion | 2022-07-01 20:51:24 | Re: [PATCH] Log details for client certificate failures |