SSL patch that adds support for optional client certificates.
Bruce Momjian <bruce@momjian.us>
SSL patch that adds support for optional client certificates. If the user has certificates in $HOME/.postgresql/postgresql.crt and $HOME/.postgresql/postgresql.key exist, they are provided to the server. The certificate used to sign this cert must be known to the server, in $DataDir/root.crt. If successful, the cert's "common name" is logged. Client certs are not used for authentication, but they could be via the port->peer (X509 *), port->peer_dn (char *) or port->peer_cn (char *) fields. Or any other function could be used, e.g., many sites like the issuer + serial number hash. Bear Giles
Files
| Path | Change | +/− |
|---|---|---|
| src/backend/libpq/be-secure.c | modified | +51 −3 |
| src/include/libpq/libpq-be.h | modified | +4 −1 |
| src/interfaces/libpq/fe-secure.c | modified | +116 −2 |