----- Original Message -----
From: "Libor Hohoš" <liho@d-prog.cz>
To: "Tom Lane" <tgl@sss.pgh.pa.us>
Sent: Wednesday, August 31, 2005 10:06 AM
Subject: Re: [PATCHES] be-secure.c patch
>>> root.crT is file with X509 certificate of Certification Authority
>>> root.crL is file with X509 Certificate Revocation List issued by this
>>> Certification Authority
>>
>> Oh, is that what it does? Is this documented anywhere?
>
> Once more : the patch ONLY allows adding CRL (in file root.crL) to the
> proccess of verification of certificate in mutual SSL authentization
> and this proccess is managed by OpenSSL library linked with PostgreSQL.
>
> So that, if I need SSL communication with verification of client
> certificate(s), I must copy root.crT file into PGDATA directory
> on server side (existing functionality).
> And, in this case, if I need "better" verification of client
> certificate(s)
> (the verification against CRL), I must :
> 1.) to apply the patch
> 2.) to copy root.crl file into PGDATA directory of PostgreSQL server
> 3.) to (re)start PostgreSQL server
>
> Best regards
> Libor
>