Home > mailing lists

Re: Allow matching whole DN from a client certificate - Mailing list pgsql-hackers

From	Daniel Gustafsson
Subject	Re: Allow matching whole DN from a client certificate
Date	November 12, 2020 16:37:39
Msg-id	9930F01C-7DA7-444B-818F-3C03DF9A3A90@yesql.se Whole thread Raw
In response to	Allow matching whole DN from a client certificate (Andrew Dunstan <andrew@dunslane.net>)
Responses	Re: Allow matching whole DN from a client certificate (Andrew Dunstan <andrew@dunslane.net>)
List	pgsql-hackers

Tree view

> On 11 Nov 2020, at 21:44, Andrew Dunstan <andrew@dunslane.net> wrote:

> If people like this idea I'll add tests and docco and add it to the next CF.

Sounds like a good idea, please do.

Can this case really happen in non-ancient OpenSSL version?
+        if (!x509name)

Doesn't this returnpath need a pfree(peer_cn)?
+        bio = BIO_new(BIO_s_mem());
+        if (!bio)
+        {
+            return -1;
+        }

cheers ./daniel

pgsql-hackers by date:

From: Andrew Gierth
Date: 12 November 2020, 16:35:31
Subject: Re: Strange GiST logic leading to uninitialized memory access in pg_trgm gist code

From: Alvaro Herrera
Date: 12 November 2020, 16:40:43
Subject: Re: PATCH: Batch/pipelining support for libpq

Re: Allow matching whole DN from a client certificate - Mailing list pgsql-hackers

Previous

Next