Re: [PATCH] Log details for client certificate failures - Mailing list pgsql-hackers

From Graham Leggett
Subject Re: [PATCH] Log details for client certificate failures
Date
Msg-id 6EE6999E-0174-4B74-AC70-BE13F53E6827@sharp.fm
In response to Re: [PATCH] Log details for client certificate failures  (Peter Eisentraut <peter.eisentraut@enterprisedb.com>)
Responses Re: [PATCH] Log details for client certificate failures  (Jacob Champion <jchampion@timescale.com>)
List pgsql-hackers
On 30 Jun 2022, at 10:43, Peter Eisentraut <peter.eisentraut@enterprisedb.com> wrote:

> I wrote that pg_stat_ssl uses the *issuer* plus serial number to identify a certificate. What your patch shows is the subject and the serial number, which isn't the same thing. Let's get that sorted out one way or the other.

Quick observation on this one, the string format of an issuer and serial number is defined as a “Certificate Exact Assertion” in RFC 4523.

I added this to httpd a while back:

SSL_CLIENT_CERT_RFC4523_CEA

It would be good to interoperate.

Regards,
Graham
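
The following is an added example, not part of the message above and not code from PostgreSQL or httpd: it renders an issuer and serial number in the RFC 4523 Certificate Exact Assertion string form, so that a log line identifies a certificate by issuer plus serial rather than by subject. The function names and the sample issuer are constructed for illustration, and the issuer is assumed to be supplied as RDNs with short attribute names.

```python
# Added illustration; function names and the sample certificate data are constructed.
RFC4514_SPECIALS = '"+,;<>\\'


def escape_rfc4514_value(value: str) -> str:
    """Escape one attribute value for the RFC 4514 string form of a DN."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in RFC4514_SPECIALS or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def issuer_to_rfc4514(rdns) -> str:
    """rdns is in certificate order; each RDN is a list of (short_name, value) pairs."""
    # RFC 4514 writes the last RDN of the sequence first; multi-valued RDNs use "+".
    return ",".join(
        "+".join(f"{name}={escape_rfc4514_value(val)}" for name, val in rdn)
        for rdn in reversed(rdns)
    )


def serial_from_hex(text: str) -> int:
    """Convert a hex serial as printed by certificate tools ("0A:1B") to an integer."""
    return int(text.replace(":", ""), 16)


def certificate_exact_assertion(serial: int, issuer_rdns) -> str:
    """Render issuer plus serial as an RFC 4523 CertificateExactAssertion string."""
    if serial < 0:
        raise ValueError("serial number must be non-negative")
    # The DN sits inside a double-quoted GSER string, where '"' is written as '""'.
    dn = issuer_to_rfc4514(issuer_rdns).replace('"', '""')
    return f'{{ serialNumber {serial}, issuer rdnSequence:"{dn}" }}'


# Constructed sample issuer, in the order the RDNs appear in the certificate.
SAMPLE_ISSUER = [[("C", "US")], [("O", "Example, Inc.")], [("CN", 'Example "Test" CA')]]

if __name__ == "__main__":
    print(certificate_exact_assertion(serial_from_hex("0A:1B"), SAMPLE_ISSUER))
```

The serial is written in decimal, so a hexadecimal serial taken from another tool's output has to be converted before two logs can be matched on this string.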
