Home > mailing lists

Re: ssl_crl_file Certificate Revocation List doesn't work for postgresql 11 - Mailing list pgsql-general

From	Yi Sun
Subject	Re: ssl_crl_file Certificate Revocation List doesn't work for postgresql 11
Date	December 2, 2021 06:31:26
Msg-id	CABWY_HCjmzoGB1chrJXG6otCVdg9teuW-UJr4afeSjjRZZKxFA@mail.gmail.com Whole thread Raw
In response to	Re: ssl_crl_file Certificate Revocation List doesn't work for postgresql 11 (Kyotaro Horiguchi <horikyota.ntt@gmail.com>)
Responses	Re: ssl_crl_file Certificate Revocation List doesn't work for postgresql 11 (Kyotaro Horiguchi <horikyota.ntt@gmail.com>)
List	pgsql-general

Hi Kyotaro

From the description, seems ~/.postgresql/root.crl is store client revoked certificate

~/.postgresql/root.crl certificates revoked by certificate authorities server certificate must not be on this list

Just don't know why server parameter ssl_crl_file parameter configured but don't take affect

ssl_crl_file (string): Specifies the name of the file containing the SSL server certificate revocation list (CRL). Relative paths are relative to the data directory. This parameter can only be set in the postgresql.conf file or on the server command line. The default is empty, meaning no CRL file is loaded.

From: Michael Lewis
Date: 02 December 2021, 05:08:08
Subject: Re: Max connections reached without max connections reached

From: Rob Sargent
Date: 02 December 2021, 06:54:20
Subject: Re: Max connections reached without max connections reached