Re: SSL (patch 9)
| От | Bruce Momjian |
|---|---|
| Тема | Re: SSL (patch 9) |
| Дата | |
| Msg-id | 200206112233.g5BMXIf24508@candle.pha.pa.us обсуждение исходный текст |
| Ответ на | SSL (patch 9) (Bear Giles <bgiles@coyotesong.com>) |
| Список | pgsql-patches |
Your patch has been added to the PostgreSQL unapplied patches list at:
http://candle.pha.pa.us/cgi-bin/pgpatches
I will try to apply it within the next 48 hours.
---------------------------------------------------------------------------
Bear Giles wrote:
> SSL patch that adds support for optional client certificates.
>
> If the user has certificates in $HOME/.postgresql/postgresql.crt
> and $HOME/.postgresql/postgresql.key exist, they are provided
> to the server. The certificate used to sign this cert must be
> known to the server, in $DataDir/root.crt. If successful, the
> cert's "common name" is logged.
>
> Client certs are not used for authentication, but they could be
> via the port->peer (X509 *), port->peer_dn (char *) or
> port->peer_cn (char *) fields. Or any other function could be
> used, e.g., many sites like the issuer + serial number hash.
>
> Bear
Content-Description: /tmp/patch9
[ Attachment, skipping... ]
>
> ---------------------------(end of broadcast)---------------------------
> TIP 4: Don't 'kill -9' the postmaster
--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026
В списке pgsql-patches по дате отправления: