Re: Trust intermediate CA for client certificates
From | Ian Pilcher |
---|---|
Subject | Re: Trust intermediate CA for client certificates |
Date | |
Msg-id | 529CEBDD.4060006@gmail.com |
In response to | Re: Trust intermediate CA for client certificates (Tom Lane <tgl@sss.pgh.pa.us>) |
Responses | Re: Trust intermediate CA for client certificates |
List | pgsql-hackers |
On 12/02/2013 02:17 PM, Tom Lane wrote:
> Ian Pilcher <arequipeno@gmail.com> writes:
>> Yes. And the problem is that there is no way to prevent OpenSSL from
>> accepting intermediate certificates supplied by the client. As a
>> result, the server cannot accept client certificates signed by one
>> intermediate CA without also accepting *any* client certificate that can
>> present a chain back to the root CA.
>
> Isn't that sort of the point?
>

I'm not sure what you're asking. The desired behavior (IMO) would be to
accept client certificates signed by some intermediate CAs without
accepting any client certificate that can present a chain back to the
trusted root. This is currently not possible, mainly due to the way
that OpenSSL works.

--
========================================================================
Ian Pilcher                                         arequipeno@gmail.com
           Sent from the cloud -- where it's already tomorrow
========================================================================
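The behaviour described in this message, reproduced as an added example (not part of the original message and not PostgreSQL code) with Ruby's standard binding to OpenSSL: when only the root is in the trust store, a client certificate issued by a sibling intermediate B verifies as soon as the client supplies B. The `allowed:` chain check is an assumed application-level policy that models the desired behaviour; every certificate, name and helper here is constructed for the illustration.

```ruby
require "openssl"

# Issue a constructed test certificate; with no issuer it is self-signed.
def issue(cn, serial, ca:, issuer: nil, issuer_key: nil)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 3600
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

# Plays the server. Only the root is in the trust store; client_sent is the
# chain from the handshake (OpenSSL's "untrusted" certificates). With allowed:
# set (an assumed application-level policy), the verified chain must also pass
# through one of the listed intermediates.
def accepts?(root, leaf, client_sent, allowed: nil)
  store = OpenSSL::X509::Store.new
  store.add_cert(root)
  return false unless store.verify(leaf, client_sent)
  return true if allowed.nil?

  store.chain.any? { |c| allowed.any? { |a| a.to_der == c.to_der } }
end

# Intermediate A is the CA the administrator wants; B is a sibling under the same root.
def demo
  root, root_key = issue("Constructed Root CA", 1, ca: true)
  int_a, key_a = issue("Intermediate A", 2, ca: true, issuer: root, issuer_key: root_key)
  int_b, key_b = issue("Intermediate B", 3, ca: true, issuer: root, issuer_key: root_key)
  leaf_a, = issue("client-a", 4, ca: false, issuer: int_a, issuer_key: key_a)
  leaf_b, = issue("client-b", 5, ca: false, issuer: int_b, issuer_key: key_b)
  { root_only_accepts_b: accepts?(root, leaf_b, [int_b]),
    pinned_accepts_a: accepts?(root, leaf_a, [int_a], allowed: [int_a]),
    pinned_accepts_b: accepts?(root, leaf_b, [int_b], allowed: [int_a]) }
end

p demo if $PROGRAM_NAME == __FILE__
```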