Hi -
A couple things. I noticed that these two functions return NULL (or empty
string):
select ssl_issuer_dn();
select ssl_client_dn();
However, I can get specific fields:
select '/CN=' || ssl_issuer_field('commonName')
|| '/C=' || ssl_issuer_field('countryName')
|| '/O=' || ssl_issuer_field('organizationName')
;
--returns "/CN=UW Services CA/C=US/O=University of Washington"
I'm thinking of using an authorization scheme in which I check a list of
valid certificate common-names, and, if the current client has no cert or
is not in the list, they have no access (maybe force a logout). Is this
feasible and/or advisable? I'll only have a single trusted CA.
Any help is appreciated!
thanks,
--craig
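
One way to implement the common-name check the message describes, as an added example that is not part of the original post. It assumes the sslinfo functions are installed in the public schema; the table name, function name and sample common names are hypothetical.

```sql
-- Allow-list of client certificate common names (table name is hypothetical).
CREATE TABLE allowed_client_cn (
    cn text PRIMARY KEY
);

-- Only the table owner maintains the list; ordinary roles cannot read or edit it.
REVOKE ALL ON allowed_client_cn FROM PUBLIC;

-- Constructed sample entries.
INSERT INTO allowed_client_cn (cn)
VALUES ('alice.example.org'),
       ('reports-batch.example.org');

-- Returns the client's CN when it is on the list, otherwise raises an error.
-- SECURITY DEFINER lets callers run the check without read access to the list;
-- the pinned search_path keeps a caller from substituting their own objects.
CREATE OR REPLACE FUNCTION require_allowed_client_cert() RETURNS text
LANGUAGE plpgsql
SECURITY DEFINER
SET search_path = public, pg_temp
AS $$
DECLARE
    client_cn text;
BEGIN
    -- No TLS, or TLS without a client certificate: deny.
    IF NOT ssl_client_cert_present() THEN
        RAISE EXCEPTION 'access denied: no client certificate presented';
    END IF;

    -- Sibling of the ssl_issuer_field() call used in the post, for the subject.
    client_cn := ssl_client_dn_field('commonName');

    IF client_cn IS NULL
       OR NOT EXISTS (SELECT 1 FROM allowed_client_cn a WHERE a.cn = client_cn) THEN
        RAISE EXCEPTION 'access denied: certificate CN "%" is not authorized',
            coalesce(client_cn, '(none)');
    END IF;

    RETURN client_cn;
END;
$$;

-- Run at the start of a session, or from inside any function that guards data:
-- SELECT require_allowed_client_cert();
```

The common name is only meaningful if the server itself verifies client certificates against the single trusted CA; without that verification a self-issued certificate can carry any name on the list.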