Home > mailing lists

Re: Allow matching whole DN from a client certificate - Mailing list pgsql-hackers

From	Andrew Dunstan
Subject	Re: Allow matching whole DN from a client certificate
Date	November 18, 2020 21:01:09
Msg-id	daf119af-60a3-54d9-978e-8c97a602ca28@dunslane.net Whole thread Raw
In response to	Re: Allow matching whole DN from a client certificate (Andrew Dunstan <andrew@dunslane.net>)
Responses	Re: Allow matching whole DN from a client certificate (Daniel Gustafsson <daniel@yesql.se>)
List	pgsql-hackers

Tree view

On 11/12/20 4:21 PM, Andrew Dunstan wrote:
> On 11/12/20 8:37 AM, Daniel Gustafsson wrote:
>>> On 11 Nov 2020, at 21:44, Andrew Dunstan <andrew@dunslane.net> wrote:
>>> If people like this idea I'll add tests and docco and add it to the next CF.
>> Sounds like a good idea, please do.
>>
>> Can this case really happen in non-ancient OpenSSL version?
>> +        if (!x509name)
> Probably not. I'll get rid of that.
>
>
>> Doesn't this returnpath need a pfree(peer_cn)?
>> +        bio = BIO_new(BIO_s_mem());
>> +        if (!bio)
>> +        {
>> +            return -1;
>> +        }
>>
> Yeah, I'll make another pass over the cleanups.
>


OK, here's a new patch, including docco and tests.


cheers


andrew


--
Andrew Dunstan
EDB: https://www.enterprisedb.com

Attachment

ssl-match-client-cert-dn-v2.patch

pgsql-hackers by date:

From: Robert Haas
Date: 18 November 2020, 20:59:01
Subject: Re: VACUUM (DISABLE_PAGE_SKIPPING on)

From: Andres Freund
Date: 18 November 2020, 21:13:42
Subject: Re: [Patch] Optimize dropping of relation buffers using dlist

Re: Allow matching whole DN from a client certificate - Mailing list pgsql-hackers

Attachment

Previous

Next