Re: [PATCH] Log details for client certificate failures - Mailing list pgsql-hackers

From Jacob Champion
Subject Re: [PATCH] Log details for client certificate failures
Date
Msg-id CAAWbhmiKmsRhMCvGqjyNrb-eSivgK2UtH8DOMZ3E-2Zu9Lu-LQ@mail.gmail.com
In response to Re: [PATCH] Log details for client certificate failures  (Graham Leggett <minfrin@sharp.fm>)
Responses Re: [PATCH] Log details for client certificate failures
List pgsql-hackers
On Thu, Jun 30, 2022 at 2:54 AM Graham Leggett <minfrin@sharp.fm> wrote:
>
> I added this to httpd a while back:
>
> SSL_CLIENT_CERT_RFC4523_CEA
>
> It would be good to interoperate.

What kind of interoperation did you have in mind? Are there existing
tools that want to scrape this information for observability?

I think the CEA syntax might not be a good fit for this particular
patch: first, we haven't actually verified the certificate, so no one
should be using it to assert certificate equality (and I'm truncating
the Issuer anyway, to avoid letting someone flood the logs). Second,
this is designed to be human-readable rather than machine-readable.

Thanks,
--Jacob


