pgsql: Add new clientcert hba option verify-full
| От | Magnus Hagander |
|---|---|
| Тема | pgsql: Add new clientcert hba option verify-full |
| Дата | |
| Msg-id | E1h2iUU-0007fE-7W@gemulon.postgresql.org обсуждение исходный текст |
| Список | pgsql-committers |
Add new clientcert hba option verify-full This allows a login to require both that the cn of the certificate matches (like authentication type cert) *and* that another authentication method (such as password or kerberos) succeeds as well. The old value of clientcert=1 maps to the new clientcert=verify-ca, clientcert=0 maps to the new clientcert=no-verify, and the new option erify-full will add the validation of the CN. Author: Julian Markwort, Marius Timmer Reviewed by: Magnus Hagander, Thomas Munro Branch ------ master Details ------- https://git.postgresql.org/pg/commitdiff/0516c61b756e39ed6eb7a6bb54311a841002211a Modified Files -------------- doc/src/sgml/client-auth.sgml | 25 ++++++++++++------- doc/src/sgml/runtime.sgml | 54 ++++++++++++++++++++++++++++++++---------- src/backend/libpq/auth.c | 47 +++++++++++++++++++++++++++--------- src/backend/libpq/hba.c | 33 +++++++++++++++++++------- src/include/libpq/hba.h | 9 ++++++- src/test/ssl/t/001_ssltests.pl | 23 +++++++++++++++++- src/test/ssl/t/SSLServer.pm | 10 +++++++- 7 files changed, 156 insertions(+), 45 deletions(-)
В списке pgsql-committers по дате отправления: