Re: BUG #5468: Pg doesn't send accepted root CA list to client during SSL client cert request
| От | Tom Lane |
|---|---|
| Тема | Re: BUG #5468: Pg doesn't send accepted root CA list to client during SSL client cert request |
| Дата | |
| Msg-id | 23787.1274802524@sss.pgh.pa.us обсуждение исходный текст |
| Ответ на | Re: BUG #5468: Pg doesn't send accepted root CA list to client during SSL client cert request (Craig Ringer <craig@postnewspapers.com.au>) |
| Ответы |
Re: BUG #5468: Pg doesn't send accepted root CA list to client
during SSL client cert request
Re: BUG #5468: Pg doesn't send accepted root CA list to client during SSL client cert request |
| Список | pgsql-bugs |
Craig Ringer <craig@postnewspapers.com.au> writes:
> Bug 5245 is not the same issue. They're talking about the server not
> sending the full certificate chain for the cert that identifies the
> server (server.crt). It's nothing to do with client certificates.
> Without the full chain, the client can't verify the server unless it
> happens to already have the intermediate certs between the server's cert
> and the trusted root that signed it installed locally. I haven't
> encountered #5245 myself, but will test it shortly to verify. It'd
> certainly count as a significant bug, as it would make it impossible to
> use indirect trust to verify a server (as is the case when a corporate
> CA signed by a "big name" CA is in use).
BTW, does anyone know exactly how to fix that? I'm looking at a related
request internal to Red Hat right now.
regards, tom lane
В списке pgsql-bugs по дате отправления: