Re: BUG #5468: Pg doesn't send accepted root CA list to client during SSL client cert request
| От | Craig Ringer |
|---|---|
| Тема | Re: BUG #5468: Pg doesn't send accepted root CA list to client during SSL client cert request |
| Дата | |
| Msg-id | 4BFC8730.3040706@postnewspapers.com.au обсуждение исходный текст |
| Ответ на | Re: BUG #5468: Pg doesn't send accepted root CA list to client during SSL client cert request (Stephen Frost <sfrost@snowman.net>) |
| Список | pgsql-bugs |
On 26/05/10 10:25, Stephen Frost wrote: >>> In any case I'm thinking that we need to document how to set up >>> configurations with chains of CA certs. >> >> Yes, and patch the server to send the list of trusted CAs to the client >> during client certificate negotiaton to fix #5468 . > > Agreed. Yeah, I'd really love to focus on the issue I reported (#5468) not an earlier issue that was bought up during the conversation... I'm putting together a completely self-contained test case ( database, home-made CA, client and server SSL certs, pg_hba.conf, client application, etc ) to demonstrate this at the moment, as I haven't been successful in explaining it despite my best efforts. Meanwhile, the mailing list seems to be silently eating my test program. So: you can download it from: executable jar with built-in usage/help: http://www.postnewspapers.com.au/~craig/PgClientCertDemo.jar sources and README: http://www.postnewspapers.com.au/~craig/PgClientCertDemo.zip Run the jar as: java -jar PgClientCertDemo.jar for help. -- Craig Ringer Tech-related writing: http://soapyfrogs.blogspot.com/
В списке pgsql-bugs по дате отправления: