Re: doc patch for ssl in server - Mailing list pgsql-patches

From Tom Lane
Subject Re: doc patch for ssl in server
Date
Msg-id 9752.1095971872@sss.pgh.pa.us
In response to doc patch for ssl in server  (Dominic Mitchell <dom@happygiraffe.net>)
Responses Re: doc patch for ssl in server
List pgsql-patches
Dominic Mitchell <dom@happygiraffe.net> writes:
> +   If verification of client certificates is required, place the
> +   certificates of the <acronym>CA</acronym> you wish to check for in
> +   the file <filename>root.crt</filename> in the data directory.  When
> +   present, a client certificate will be requested from the client
> +   making the connection and it must have been signed by one of the
> +   certificates present in <filename>root.crt</filename>.  If no
> +   certificate is presented, the connection will be allowed to proceed
> +   anway.
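
Review bot: the final added sentence ("If no certificate is presented, the connection will be allowed to proceed anway.") misspells "anyway" and reads as contradicting the sentence before it, which says a client certificate will be requested and "must have been signed" by a certificate in root.crt. The text should say explicitly whether a client that presents no certificate is accepted or rejected when root.crt exists, since that is the behaviour an administrator relying on this paragraph needs to know. Separately, "When present" at the start of the second sentence has an unclear referent (the root.crt file or the client certificate); wording such as "When this file is present, ..." would remove the ambiguity.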

That last statement is not actually correct, is it?  AFAICS we do tell
SSL to enforce certificates if we find a valid root.crt file.

            regards, tom lane
