Re: ssl-info, enforcing list of common-names
From | Bruce Momjian |
---|---|
Subject | Re: ssl-info, enforcing list of common-names |
Date | |
Msg-id | 200901080319.n083Jc214094@momjian.us |
In reply to | ssl-info, enforcing list of common-names (Craig Perras <cperras@u.washington.edu>) |
List | pgsql-admin |
Would someone please reply to this question.

---------------------------------------------------------------------------

Craig Perras wrote:
> Hi -
>
> A couple things. I noticed that these two functions return NULL (or empty
> string):
>
> select ssl_issuer_dn();
> select ssl_client_dn();
>
> However, I can get specific fields:
>
> select '/CN=' || ssl_issuer_field('commonName')
>     || '/C=' || ssl_issuer_field('countryName')
>     || '/O=' || ssl_issuer_field('organizationName')
> ;
>
> --returns "/CN=UW Services CA/C=US/O=University of Washington"
>
> I'm thinking of using an authorization scheme in which I check a list of
> valid certificate common-names, and, if the current client has no cert or
> is not in the list, they have no access (maybe force a logout). Is this
> feasible and/or advisable? I'll only have a single trusted CA.
>
> Any help is appreciated!
>
> thanks,
> --craig

--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +
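One way to express the common-name allowlist check described in the quoted question, as an added example that is not part of the original thread. It uses the sslinfo functions `ssl_is_used()`, `ssl_client_cert_present()` and `ssl_client_dn_field()`; the table, function and view names and the sample rows are hypothetical.

```sql
-- Added example: table, function and view names are hypothetical.
-- Assumes the sslinfo contrib module is installed in this database.

CREATE TABLE allowed_client_cn (
    common_name text PRIMARY KEY
);

-- Constructed sample entries.
INSERT INTO allowed_client_cn (common_name) VALUES ('alice.example.org');
INSERT INTO allowed_client_cn (common_name) VALUES ('reports-batch');

-- Callers only need to read the allowlist, never to change it.
GRANT SELECT ON allowed_client_cn TO PUBLIC;

-- True only when the session uses SSL, the client presented a certificate,
-- and that certificate's commonName is in the allowlist.
-- ssl_client_dn_field() returns NULL without a certificate, so a session
-- with no cert matches no row and the result is false (fail closed).
CREATE OR REPLACE FUNCTION client_cn_allowed() RETURNS boolean AS $$
    SELECT ssl_is_used()
       AND ssl_client_cert_present()
       AND EXISTS (SELECT 1
                     FROM allowed_client_cn
                    WHERE common_name = ssl_client_dn_field('commonName'));
$$ LANGUAGE sql STABLE;

-- Variant for the start of a session: raises instead of returning false.
CREATE OR REPLACE FUNCTION require_allowed_client_cn() RETURNS void AS $$
BEGIN
    IF NOT client_cn_allowed() THEN
        RAISE EXCEPTION 'access denied: client certificate CN not in allowlist';
    END IF;
END;
$$ LANGUAGE plpgsql;

-- Enforce the check in the server rather than relying on the client to
-- call it: rows are visible only to sessions whose certificate CN is listed.
CREATE TABLE payroll (employee text, salary numeric);   -- constructed table
CREATE VIEW payroll_guarded AS
    SELECT employee, salary FROM payroll WHERE client_cn_allowed();
GRANT SELECT ON payroll_guarded TO PUBLIC;
```

The sslinfo functions only report fields of the certificate the client presented; the common name is meaningful only when the server is configured to verify client certificates against the single trusted CA.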