Re: [PATCH] pg_hba.conf : new auth option : clientcert=verify-full

From: Thomas Munro <thomas(dot)munro(at)enterprisedb(dot)com>
To: marius(dot)timmer(at)uni-muenster(dot)de
Cc: Julian Markwort <julian(dot)markwort(at)uni-muenster(dot)de>, David Fetter <david(at)fetter(dot)org>, Magnus Hagander <magnus(at)hagander(dot)net>, Pg Hackers <pgsql-hackers(at)postgresql(dot)org>, arne(dot)scheffer(at)uni-muenster(dot)de
Subject: Re: [PATCH] pg_hba.conf : new auth option : clientcert=verify-full
Date: 2018-11-29 23:24:04
Message-ID: CAEepm=38=79MLFyd=XwTdC7Y4MYay6RJKYUfq-ECphq6vHBuzA@mail.gmail.com
Lists: pgsql-hackers

On Fri, Oct 26, 2018 at 2:08 AM Marius Timmer
<marius(dot)timmer(at)uni-muenster(dot)de> wrote:
> We (Julian and I) would like to show you the seventh version of this
> patch which includes all the things mentioned before. Unfortunately
> we did not find the time to do this earlier.

+ case uaCert:
case uaTrust:

Maybe add a note there that this will be treated as if
clientcert=verify-full below?

+ else if(strcmp(val, "2") == 0
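
Review bot: The added "else if(" has no space between "if" and the opening parenthesis, which does not match PostgreSQL's source style; write it as "else if (strcmp(val, "2") == 0" so the line agrees with the surrounding code and is not rewritten by a later pgindent run.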

The "1" is needed for backwards compatibility, but is there any need
for "2" as an alternative for "verify-full"?

+# Check that connecting with auth-optionverify-full in pg_hba :

Missing space.

+ "hostssl verifydb yetanotheruser $serverhost/32
trust clientcert=verify-ca\n";

Why did you put "trust" there instead of "$authmethod" like the previous lines?

The tests pass and show the feature working correctly. I think this
is getting close to committable. I see that Magnus has signed up as
committer.

--
Thomas Munro
http://www.enterprisedb.com
