Home > mailing lists

Re: [GENERAL] Trust intermediate CA for client certificates - Mailing list pgsql-hackers

From	Bruce Momjian
Subject	Re: [GENERAL] Trust intermediate CA for client certificates
Date	March 19, 2013 15:28:32
Msg-id	20130319122823.GB1327@momjian.us Whole thread Raw
In response to	Re: Trust intermediate CA for client certificates (Stephen Frost <sfrost@snowman.net>)
List	pgsql-hackers

Tree view

On Tue, Mar 19, 2013 at 01:46:32AM -0400, Stephen Frost wrote:
> > I guess that suggests we should be calling this something like
> > 'ssl_authorized_client_roots'.
>
> I'm no longer convinced that this really makes sense and I'm a bit
> worried about the simple authentication issue which I thought was at the
> heart of this concern.  Is there anything there that you see as being an
> issue with what we're doing currently..?

I too am worried that make SSL even more flexible will make simple setups
more complex to setup.

--
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

  + It's impossible for everything to be true. +

pgsql-hackers by date:

From: Magnus Hagander
Date: 19 March 2013, 14:49:20
Subject: Re: backward incompatible pg_basebackup and pg_receivexlog

From: Stephen Frost
Date: 19 March 2013, 15:39:31
Subject: Re: Trust intermediate CA for client certificates

Re: [GENERAL] Trust intermediate CA for client certificates - Mailing list pgsql-hackers

Previous

Next