On Mon, Apr 17, 2006 at 12:24:40PM -0400, Stephen Frost wrote:
> * Martijn van Oosterhout (kleptog@svana.org) wrote:
> > Seriously, if people want to do really sophisticated things with the
> > SSL library, they should set up s_tunnel instead. If we wanted to let
>
> I certainly agree with all the rest but I'm just not sure I can agree
> with you here. While s_tunnel is nice it's not always an option and I
> think it *would* be nice to have Postgres support things like CRLs and
> OCSP but more from the server-side of things than the client-side.

CRLs are easy, almost a one line change. I was actually surprised it
wasn't done but I didn't add it because I figured someone had left it
out for a reason.

OCSP is something else. And in any case, you don't need a result of
PQgetssl() to use it since it's a completely separate part of the
library.

But neither of these are what I considered "sophisticated". I don't
think either of these require any API changes either.

Have a nice day,
--
Martijn van Oosterhout <kleptog@svana.org> http://svana.org/kleptog/
> Patent. n. Genius is 5% inspiration and 95% perspiration. A patent is a
> tool for doing 5% of the work and then sitting around waiting for someone
> else to do the other 95% so you can sue them.