----- Original Message -----
From: "Libor Hohoš" <[EMAIL PROTECTED]>
To: "Tom Lane" <[EMAIL PROTECTED]>
Sent: Wednesday, August 31, 2005 10:06 AM
Subject: Re: [PATCHES] be-secure.c patch
root.crT is file with X509 certificate of Certification Authority
root.crL is file with X509 Certificate Revocation List issued by this
Certification Authority
Oh, is that what it does? Is this documented anywhere?
Once more : the patch ONLY allows adding CRL (in file root.crL) to the
proccess of verification of certificate in mutual SSL authentization
and this proccess is managed by OpenSSL library linked with PostgreSQL.
So that, if I need SSL communication with verification of client
certificate(s), I must copy root.crT file into PGDATA directory
on server side (existing functionality).
And, in this case, if I need "better" verification of client
certificate(s)
(the verification against CRL), I must :
1.) to apply the patch
2.) to copy root.crl file into PGDATA directory of PostgreSQL server
3.) to (re)start PostgreSQL server
Best regards
Libor
---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to [EMAIL PROTECTED] so that your
message can get through to the mailing list cleanly
