pgsql/src backend/libpq/be-secure.c include/li ...

CVSROOT:    /cvsroot
Module name:    pgsql
Changes by:    momjian@postgresql.org    02/06/14 00:36:58

Modified files:
    src/backend/libpq: be-secure.c
    src/include/libpq: libpq-be.h
    src/interfaces/libpq: fe-secure.c

Log message:
    SSL patch that adds support for optional client certificates.

    If the user has certificates in $HOME/.postgresql/postgresql.crt
    and $HOME/.postgresql/postgresql.key exist, they are provided
    to the server.  The certificate used to sign this cert must be
    known to the server, in $DataDir/root.crt.  If successful, the
    cert's "common name" is logged.

    Client certs are not used for authentication, but they could be
    via the port->peer (X509 *), port->peer_dn (char *) or
    port->peer_cn (char *) fields.  Or any other function could be
    used, e.g., many sites like the issuer + serial number hash.

    Bear Giles