Re: [PATCHES] be-secure.c patch

2006-05-05 Thread Bruce Momjian
Bruce Momjian wrote: I am now wondering if fe-secure.c, the front-end code, should also check for root.crl. The attached patch implents it. Updated patch attached and applied. It adds CRL checking to libpq. It returns an error if the CRL file exists, but the library can't process it, just

Re: [PATCHES] be-secure.c patch

2006-04-27 Thread Bruce Momjian
I am now wondering if fe-secure.c, the front-end code, should also check for root.crl. The attached patch implents it. Is it a good idea? Also, if you look in interfaces/libpq/fe-secure.c at some NOT_USED macros you can see there are a few things we don't implement. Can that be improved?

Re: [PATCHES] be-secure.c patch

2006-04-26 Thread Bruce Momjian
Patch adjusted and applied. Thanks. I added documentation about SSL Certificate Revocation List (CRL) files. We throw a log message of root.crl does exist. Perhaps we should just silently say nothing, but that seems dangerous.

Re: [PATCHES] be-secure.c patch

2006-03-21 Thread Tom Lane
Bruce Momjian pgman@candle.pha.pa.us writes: Does this need any documentation adjustments? It's pretty useless without any documentation ... which was my original complaint about it IIRC. regards, tom lane ---(end of

Fw: [PATCHES] be-secure.c patch

2006-03-21 Thread Libor Hohoš
- Original Message - From: Libor Hohoš [EMAIL PROTECTED] To: Tom Lane [EMAIL PROTECTED] Sent: Wednesday, August 31, 2005 10:06 AM Subject: Re: [PATCHES] be-secure.c patch root.crT is file with X509 certificate of Certification Authority root.crL is file with X509 Certificate

Re: [PATCHES] be-secure.c patch

2006-03-21 Thread Bruce Momjian
Does this need any documentation adjustments? Your patch has been added to the PostgreSQL unapplied patches list at: http://momjian.postgresql.org/cgi-bin/pgpatches It will be applied as soon as one of the PostgreSQL committers reviews and approves it.

Re: [PATCHES] be-secure.c patch

2005-09-23 Thread Bruce Momjian
This has been saved for the 8.2 release: http://momjian.postgresql.org/cgi-bin/pgpatches_hold --- Libor Hoho? wrote: Hello PG folks, the attachement contains a simple patch to adding of verification of

Re: [PATCHES] be-secure.c patch

2005-08-29 Thread Tom Lane
=?iso-8859-2?Q?Libor_Hoho=B9?= [EMAIL PROTECTED] writes: the attachement contains a simple patch to adding of verification of client= 's certificate(s) against CRL on server side in mutual SSL authentication. The CRL file has name root.crl and it must be stored in PGDATA directory. Uh, why

Re: [PATCHES] be-secure.c patch

2005-08-29 Thread Tom Lane
=?iso-8859-2?Q?Libor_Hoho=B9?= [EMAIL PROTECTED] writes: It sounds like it duplicates the existing root.crt functionality. root.crT is file with X509 certificate of Certification Authority root.crL is file with X509 Certificate Revocation List issued by this Certification Authority Oh, is