Bruce Momjian wrote:
I am now wondering if fe-secure.c, the front-end code, should also check
for root.crl. The attached patch implements it.
Updated patch attached and applied. It adds CRL checking to libpq. It
returns an error if the CRL file exists, but the library can't process
it, just
I am now wondering if fe-secure.c, the front-end code, should also check
for root.crl. The attached patch implements it. Is it a good idea?
Also, if you look in interfaces/libpq/fe-secure.c at some NOT_USED
macros you can see there are a few things we don't implement. Can that
be improved?
Patch adjusted and applied. Thanks.
I added documentation about SSL Certificate Revocation List (CRL) files.
We throw a log message if root.crl does exist. Perhaps we should just
silently say nothing, but that seems dangerous.
Bruce Momjian pgman@candle.pha.pa.us writes:
Does this need any documentation adjustments?
It's pretty useless without any documentation ... which was my original
complaint about it IIRC.
regards, tom lane
- Original Message -
From: Libor Hohoš [EMAIL PROTECTED]
To: Tom Lane [EMAIL PROTECTED]
Sent: Wednesday, August 31, 2005 10:06 AM
Subject: Re: [PATCHES] be-secure.c patch
root.crT is file with X509 certificate of Certification Authority
root.crL is file with X509 Certificate
Does this need any documentation adjustments?
Your patch has been added to the PostgreSQL unapplied patches list at:
http://momjian.postgresql.org/cgi-bin/pgpatches
It will be applied as soon as one of the PostgreSQL committers reviews
and approves it.
This has been saved for the 8.2 release:
http://momjian.postgresql.org/cgi-bin/pgpatches_hold
---
Libor Hohoš wrote:
Hello PG folks,
the attachment contains a simple patch to adding of verification of
Libor Hohoš [EMAIL PROTECTED] writes:
the attachment contains a simple patch to adding of verification of client's certificate(s)
against CRL on server side in mutual SSL authentication.
The CRL file has name root.crl and it must be stored in PGDATA directory.
Uh, why
Libor Hohoš [EMAIL PROTECTED] writes:
It sounds like it duplicates the
existing root.crt functionality.
root.crT is file with X509 certificate of Certification Authority
root.crL is file with X509 Certificate Revocation List issued by this
Certification Authority
Oh, is