revised SSL patches submitted
From | Bear Giles |
---|---|
Subject | revised SSL patches submitted |
Date | |
Msg-id | 200205200648.AAA11250@eris.coyotesong.com |
List | pgsql-hackers |
Another set of SSL patches have been sent to the patches list. (No idea when they'll get through the system.) This is a new baseline set of patches that fix many of the problems identified earlier and also add a number of security patches.

N.B., some of these changes are visible to the user, but are common practice for SSL code. The most notable is a minimal certificate validation that requires that certs be current (no more expired certs) and that the cert's common name match the hostname used with contacting the backend.

This means that a cert containing a common name such as 'eris.example.com' *must* be accessed via

    psql -h eris.example.com ...

not

    psql -h eris ...

A future patch can relax this so that the common name can resolve to the address returned by getpeername(2).

Client certs are optional, but if they exist they are expected in the user's home directory, under the .postgresql directory. Encrypted private keys are not yet supported.

Bear
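
The two checks the message describes (the cert must be current, and its common name must equal the host name the client used), as an added example that is not the patch's code and not part of the original message. It works on the certificate dictionary shape returned by Python's `ssl.SSLSocket.getpeercert()`; the sample certificate is constructed, `common_names` and `validate_cert` are hypothetical names, and the case-insensitive comparison is an assumption.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("organizationName", "Example Org"),),
                (("commonName", "eris.example.com"),)),
    "notBefore": "May 20 00:00:00 2002 GMT",
    "notAfter": "May 20 00:00:00 2003 GMT",
}


def common_names(cert):
    """Return every commonName value found in the certificate subject."""
    return [value
            for rdn in cert.get("subject", ())
            for key, value in rdn
            if key == "commonName"]


def validate_cert(cert, hostname, now=None):
    """Return a list of failure reasons; an empty list means the cert passes."""
    if now is None:
        now = datetime.now(timezone.utc).timestamp()
    problems = []
    # "Current" means inside the validity window, at both ends.
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    # Compare against the name the client typed, not a resolved address,
    # so 'eris' does not match 'eris.example.com'.
    # Assumption: host names are compared case-insensitively.
    names = [cn.lower() for cn in common_names(cert)]
    if hostname.lower() not in names:
        problems.append(f"common name {names} does not match host {hostname!r}")
    return problems
```
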