Re: SSL Support
| От | Tom Lane |
|---|---|
| Тема | Re: SSL Support |
| Дата | |
| Msg-id | 292.1095774770@sss.pgh.pa.us обсуждение |
| Ответ на | Re: SSL Support (dom@happygiraffe.net (Dominic Mitchell)) |
| Ответы |
Re: SSL Support
|
| Список | pgsql-hackers |
dom@happygiraffe.net (Dominic Mitchell) writes:
> On Tue, Sep 21, 2004 at 10:17:51AM +0200, Peter Eisentraut wrote:
>> Am Dienstag, 21. September 2004 09:24 schrieb Dominic Mitchell:
>>> In initialize_SSL(), we call SSL_CTX_set_verify(), but we don't pass
>>> in the SSL_VERIFY_FAIL_IF_NO_PEER_CERT flag. This means that a client
>>> can present no certificate and still get access to the server.
> The code is all there to do so, pretty much. What it's missing is a few
> toggles to make it say "I want to enforce this to happen".
This is intentional. See past discussions.
regards, tom lane
В списке pgsql-hackers по дате отправления: