Re: [PATCH] pg_hba.conf : new auth option : clientcert=verify-full

On Fri, Oct 26, 2018 at 2:08 AM Marius Timmer
<marius.timmer@uni-muenster.de> wrote:
> We (Julian and I) would like to show you the seventh version of this
> patch which includes all the things mentioned before. Unfortunately
> we did not find the time to do this earlier.

+        case uaCert:
         case uaTrust:

Maybe add a note there that this will be treated as if
clientcert=verify-full below?

+        else if(strcmp(val, "2") == 0

The "1" is needed for backwards compatibility, but is there any need
for "2" as an alternative for "verify-full"?

+# Check that connecting with auth-optionverify-full in pg_hba :

Missing space.

+      "hostssl verifydb        yetanotheruser  $serverhost/32
 trust              clientcert=verify-ca\n";

Why did you put "trust" there instead of "$authmethod" like the previous lines?

The tests pass and show the feature working correctly.  I think this
is getting close to committable.  I see that Magnus has signed up as
committer.

-- 
Thomas Munro
http://www.enterprisedb.com