Bruce Momjian wrote:
>
> I am now wondering if fe-secure.c, the front-end code, should also check
> for "root.crl". The attached patch implents it.
Updated patch attached and applied. It adds CRL checking to libpq. It
returns an error if the CRL file exists, but the library can't process
it, j
I am now wondering if fe-secure.c, the front-end code, should also check
for "root.crl". The attached patch implents it. Is it a good idea?
Also, if you look in interfaces/libpq/fe-secure.c at some NOT_USED
macros you can see there are a few things we don't implement. Can that
be improved?
--
Patch adjusted and applied. Thanks.
I added documentation about SSL Certificate Revocation List (CRL) files.
We throw a log message of "root.crl" does exist. Perhaps we should just
silently say nothing, but that seems dangerous.
Does this need any documentation adjustments?
Your patch has been added to the PostgreSQL unapplied patches list at:
http://momjian.postgresql.org/cgi-bin/pgpatches
It will be applied as soon as one of the PostgreSQL committers reviews
and approves it.
-
Bruce Momjian writes:
> Does this need any documentation adjustments?
It's pretty useless without any documentation ... which was my original
complaint about it IIRC.
regards, tom lane
---(end of broadcast)---
TIP 4: Have y
This has been saved for the 8.2 release:
http://momjian.postgresql.org/cgi-bin/pgpatches_hold
---
Libor Hoho? wrote:
> Hello PG folks,
> the attachement contains a simple patch to adding of verification of clien
=?iso-8859-2?Q?Libor_Hoho=B9?= <[EMAIL PROTECTED]> writes:
>> It sounds like it duplicates the
>> existing root.crt functionality.
> root.crT is file with X509 certificate of Certification Authority
> root.crL is file with X509 Certificate Revocation List issued by this
> Certification Authority
=?iso-8859-2?Q?Libor_Hoho=B9?= <[EMAIL PROTECTED]> writes:
> the attachement contains a simple patch to adding of verification of client=
> 's certificate(s)
> against CRL on server side in mutual SSL authentication.
> The CRL file has name "root.crl" and it must be stored in PGDATA directory.
Uh,