Re: BUG #5468: Pg doesn't send accepted root CA list to client during SSL client cert request
| От | Craig Ringer |
|---|---|
| Тема | Re: BUG #5468: Pg doesn't send accepted root CA list to client during SSL client cert request |
| Дата | |
| Msg-id | 4BFC8311.3090104@postnewspapers.com.au обсуждение исходный текст |
| Ответ на | Re: BUG #5468: Pg doesn't send accepted root CA list to client during SSL client cert request (Craig Ringer <craig@postnewspapers.com.au>) |
| Список | pgsql-bugs |
On 26/05/10 09:59, Craig Ringer wrote:
> On 26/05/10 09:35, Tom Lane wrote:
>
>> I am now of the opinion that bug #5245 is in fact an exact dup of
>> bug #5468. The previous reporter was jumping to conclusions about what
>> his problem was: it was not that the server didn't send the full cert
>> chain, but that Java couldn't do the right thing without having the list
>> of cert names.
>
> No, they ARE NOT the same thing.
>
> #5468 is about *CLIENT* *CERTIFICATE* *AUTHENTICATION* where the
> *SERVER* VALIDATES THE *CLIENT* after the server sends a
> ServerHello.
>
> #5245 is about *CLIENT* *VALIDATION* *OF* *THE* *SERVER*, where the
> *CLIENT* VALIDATES THE *SERVER* after the server sends a
> CertificateRequest.
Argh, now I'm getting MYSELF backwards. Correction:
#5468 is about *CLIENT* *CERTIFICATE* *AUTHENTICATION* where the
*SERVER* VALIDATES THE *CLIENT* after the server sends a
*CertificateRequest*. <-- Was reversed above
#5245 is about *CLIENT* *VALIDATION* *OF* *THE* *SERVER*, where the
*CLIENT* VALIDATES THE *SERVER* after the server sends a
*ServerHello*. <-- Was reversed above
--
Craig Ringer
Tech-related writing: http://soapyfrogs.blogspot.com/
В списке pgsql-bugs по дате отправления: