Re: Is it worth accepting multiple CRLs?
Kyotaro Horiguchi <horikyota.ntt@gmail.com>
From: Kyotaro Horiguchi <horikyota.ntt@gmail.com>
To: peter.eisentraut@enterprisedb.com
Cc: sfrost@snowman.net, pgsql-hackers@postgresql.org
Date: 2021-01-19T08:32:00Z
Lists: pgsql-hackers
Attachments
- v3-0001-Allow-to-specify-CRL-directory.patch (text/x-patch)
At Tue, 19 Jan 2021 09:17:34 +0900 (JST), Kyotaro Horiguchi <horikyota.ntt@gmail.com> wrote in > By the way we can do the same thing on CA file/dir, but I personally > think that the benefit from the specify-by-directory for CA files is > far less than CRL files. So I'm not going to do this for CA files for > now. This is it. A new guc ssl_crl_dir and connection option crldir are added. One problem raised upthread is the footprint for test is quite large because all certificate and key files are replaced by this patch. I think we can shrink the footprint by generating that files on-demand but that needs openssl frontend to be installed on the development environment. If we agree that requirement, I'm going to go that direction. regards. -- Kyotaro Horiguchi NTT Open Source Software Center
Commits
-
Allow specifying CRL directory
- f5465fade908 14.0 landed
-
Introduce --with-ssl={openssl} as a configure option
- fe61df7f82aa 14.0 cited