Home > mailing lists

Re: Trust intermediate CA for client certificates - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: Trust intermediate CA for client certificates
Date	December 2, 2013 23:17:33
Msg-id	20920.1386015433@sss.pgh.pa.us Whole thread Raw
In response to	Re: Trust intermediate CA for client certificates (Ian Pilcher <arequipeno@gmail.com>)
Responses	Re: Trust intermediate CA for client certificates
List	pgsql-hackers

Tree view

Ian Pilcher <arequipeno@gmail.com> writes:
> Yes.  And the problem is that there is no way to prevent OpenSSL from
> accepting intermediate certificates supplied by the client.  As a
> result, the server cannot accept client certificates signed by one
> intermediate CA without also accepting *any* client certificate that can
> present a chain back to the root CA.

Isn't that sort of the point?
        regards, tom lane

pgsql-hackers by date:

From: Dimitri Fontaine
Date: 02 December 2013, 23:16:10
Subject: Re: Extension Templates S03E11

From: Stephen Frost
Date: 02 December 2013, 23:17:45
Subject: Re: Extension Templates S03E11

Re: Trust intermediate CA for client certificates - Mailing list pgsql-hackers

Previous

Next