Fw: be-secure.c patch
От | Libor Hohoš |
---|---|
Тема | Fw: be-secure.c patch |
Дата | |
Msg-id | 00bf01c64cf3$69ce75e0$6802a8c0@kometa обсуждение исходный текст |
Список | pgsql-patches |
----- Original Message ----- From: "Libor Hohoš" <liho@d-prog.cz> To: "Tom Lane" <tgl@sss.pgh.pa.us> Sent: Wednesday, August 31, 2005 10:06 AM Subject: Re: [PATCHES] be-secure.c patch >>> root.crT is file with X509 certificate of Certification Authority >>> root.crL is file with X509 Certificate Revocation List issued by this >>> Certification Authority >> >> Oh, is that what it does? Is this documented anywhere? > > Once more : the patch ONLY allows adding CRL (in file root.crL) to the > proccess of verification of certificate in mutual SSL authentization > and this proccess is managed by OpenSSL library linked with PostgreSQL. > > So that, if I need SSL communication with verification of client > certificate(s), I must copy root.crT file into PGDATA directory > on server side (existing functionality). > And, in this case, if I need "better" verification of client > certificate(s) > (the verification against CRL), I must : > 1.) to apply the patch > 2.) to copy root.crl file into PGDATA directory of PostgreSQL server > 3.) to (re)start PostgreSQL server > > Best regards > Libor >
В списке pgsql-patches по дате отправления: