Ian Pilcher <arequip...@gmail.com> writes: > Yes. And the problem is that there is no way to prevent OpenSSL from > accepting intermediate certificates supplied by the client. As a > result, the server cannot accept client certificates signed by one > intermediate CA without also accepting *any* client certificate that can > present a chain back to the root CA.
Isn't that sort of the point? regards, tom lane -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers