Home > mailing lists

Re: Trust intermediate CA for client certificates - Mailing list pgsql-hackers

From	Ian Pilcher
Subject	Re: Trust intermediate CA for client certificates
Date	December 3, 2013 00:22:43
Msg-id	529CFA11.5090403@gmail.com Whole thread Raw
In response to	Re: Trust intermediate CA for client certificates (Stephen Frost <sfrost@snowman.net>)
Responses	Re: Trust intermediate CA for client certificates
List	pgsql-hackers

Tree view

On 12/02/2013 03:15 PM, Stephen Frost wrote:
> That isn't at *all* accurate.  Authorization is handled by pg_ident and
> PG's role and grant system.  We are only using OpenSSL's trust of the
> certificate for authentication.

OK, how do I configure Postgres to only allow connections when the
client presents a certificate signed by a particular intermediate CA?

AFAIK, there is currently no way to do this.

-- 
========================================================================
Ian Pilcher                                         arequipeno@gmail.com          Sent from the cloud -- where it's
alreadytomorrow
 
========================================================================

pgsql-hackers by date:

From: Dimitri Fontaine
Date: 03 December 2013, 00:22:41
Subject: Re: Extension Templates S03E11

From: Andrew Dunstan
Date: 03 December 2013, 00:24:04
Subject: Re: Trust intermediate CA for client certificates

Re: Trust intermediate CA for client certificates - Mailing list pgsql-hackers

Previous

Next