CVSROOT: /cvsroot
Module name: pgsql
Changes by: momjian@postgresql.org 02/06/14 00:36:58
Modified files:
src/backend/libpq: be-secure.c
src/include/libpq: libpq-be.h
src/interfaces/libpq: fe-secure.c
Log message:
SSL patch that adds support for optional client certificates.
If the user has certificates in $HOME/.postgresql/postgresql.crt
and $HOME/.postgresql/postgresql.key, they are provided
to the server. The certificate used to sign this cert must be
known to the server, in $DataDir/root.crt. If successful, the
cert's "common name" is logged.
Client certs are not used for authentication, but they could be
via the port->peer (X509 *), port->peer_dn (char *) or
port->peer_cn (char *) fields. Or any other function could be
used, e.g., many sites like the issuer + serial number hash.
Bear Giles
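
The file layout this commit message describes, reproduced with the openssl command-line tool as an added example (not part of the commit or of PostgreSQL's code). The scratch directory, the throwaway CA, the CN "alice", the serial number and the SHA-256 form of the issuer + serial identifier are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example with constructed data; nothing here comes from the PostgreSQL tree.
# "$1/data" stands in for $DataDir and "$1/home" for $HOME (assumed scratch layout).

make_demo_pki() {
    d=$1
    mkdir -p "$d/data" "$d/home/.postgresql" || return 1
    # Throwaway root CA; its certificate is what the server trusts as root.crt.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
        -keyout "$d/root.key" -out "$d/data/root.crt" 2>/dev/null || return 1
    # Client key and signing request; CN "alice" is a constructed sample value.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=alice" \
        -keyout "$d/home/.postgresql/postgresql.key" \
        -out "$d/client.csr" 2>/dev/null || return 1
    # The root CA signs the client certificate.
    openssl x509 -req -in "$d/client.csr" -CA "$d/data/root.crt" \
        -CAkey "$d/root.key" -set_serial 4096 -days 1 \
        -out "$d/home/.postgresql/postgresql.crt" 2>/dev/null
}

# Succeeds only if certificate $2 chains to the CA file $1.
cert_trusted() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Prints the subject common name, the value the commit says gets logged.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= //p'
}

# Prints a SHA-256 over issuer and serial (one assumed form of the
# "issuer + serial number hash" idea; the commit does not define it).
cert_issuer_serial_id() {
    openssl x509 -in "$1" -noout -issuer -serial |
        openssl dgst -sha256 | sed 's/^.*= //'
}

if [ "${1:-}" = demo ]; then
    t=$(mktemp -d) && make_demo_pki "$t" || exit 1
    c="$t/home/.postgresql/postgresql.crt"
    cert_trusted "$t/data/root.crt" "$c" && echo "trusted CN: $(cert_cn "$c")"
    echo "issuer+serial id: $(cert_issuer_serial_id "$c")"
    rm -rf "$t"
fi
```

Run the script with the argument `demo` to print the verified common name and the identifier.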