Home > mailing lists

Re: Allow matching whole DN from a client certificate - Mailing list pgsql-hackers

From	Andrew Dunstan
Subject	Re: Allow matching whole DN from a client certificate
Date	November 13, 2020 00:21:18
Msg-id	36758457-be5d-89a1-6e47-f494b088a2d4@dunslane.net Whole thread Raw
In response to	Re: Allow matching whole DN from a client certificate (Daniel Gustafsson <daniel@yesql.se>)
Responses	Re: Allow matching whole DN from a client certificate
List	pgsql-hackers

Tree view

On 11/12/20 8:37 AM, Daniel Gustafsson wrote:
>> On 11 Nov 2020, at 21:44, Andrew Dunstan <andrew@dunslane.net> wrote:
>> If people like this idea I'll add tests and docco and add it to the next CF.
> Sounds like a good idea, please do.
>
> Can this case really happen in non-ancient OpenSSL version?
> +        if (!x509name)


Probably not. I'll get rid of that.


> Doesn't this returnpath need a pfree(peer_cn)?
> +        bio = BIO_new(BIO_s_mem());
> +        if (!bio)
> +        {
> +            return -1;
> +        }
>

Yeah, I'll make another pass over the cleanups.


Thanks for reviewing.


cheers


andrew



--
Andrew Dunstan
EDB: https://www.enterprisedb.com

pgsql-hackers by date:

From: Tom Lane
Date: 12 November 2020, 23:14:34
Subject: Re: avoid bitmapOR-ing indexes with scan condition inconsistent with partition constraint

From: Peter Geoghegan
Date: 13 November 2020, 01:00:07
Subject: Re: Deleting older versions in unique indexes to avoid page splits

Re: Allow matching whole DN from a client certificate - Mailing list pgsql-hackers

Previous

Next