----- Original Message ----- From: "Libor Hohoš" <[EMAIL PROTECTED]>
To: "Tom Lane" <[EMAIL PROTECTED]>
Sent: Wednesday, August 31, 2005 10:06 AM
Subject: Re: [PATCHES] be-secure.c patch

root.crT is file with X509 certificate of  Certification Authority
root.crL is file with X509 Certificate Revocation List issued by this
Certification Authority

Oh, is that what it does?  Is this documented anywhere?

Once more : the patch ONLY allows adding CRL (in file root.crL) to the
proccess of verification of certificate in mutual SSL authentization
and this proccess is managed by OpenSSL library linked with PostgreSQL.

So that, if  I need SSL communication with verification of client
certificate(s), I must copy root.crT file into PGDATA directory
on server side (existing functionality).
And, in this case, if I need "better" verification of client certificate(s)
(the verification against CRL), I must :
1.) to apply the patch
2.) to copy root.crl file into PGDATA directory of PostgreSQL server
3.) to (re)start PostgreSQL server

 Best regards

---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
      subscribe-nomail command to [EMAIL PROTECTED] so that your
      message can get through to the mailing list cleanly

Reply via email to