]> granicus.if.org Git - postgresql/commit
projects / postgresql / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6b9e875) | patch
Add new clientcert hba option verify-full
authorMagnus Hagander <magnus@hagander.net>
Sat, 9 Mar 2019 20:09:10 +0000 (12:09 -0800)
committerMagnus Hagander <magnus@hagander.net>
Sat, 9 Mar 2019 20:19:47 +0000 (12:19 -0800)
commit0516c61b756e39ed6eb7a6bb54311a841002211a
tree7dc8f6760d2e0d1f19f1cbd5bde7cf09e0528ec0tree | snapshot
parent6b9e875f7286d8535bff7955e5aa3602e188e436commit | diff
Add new clientcert hba option verify-full

This allows a login to require both that the cn of the certificate
matches (like authentication type cert) *and* that another
authentication method (such as password or kerberos) succeeds as well.

The old value of clientcert=1 maps to the new clientcert=verify-ca,
clientcert=0 maps to the new clientcert=no-verify, and the new option
erify-full will add the validation of the CN.

Author: Julian Markwort, Marius Timmer
Reviewed by: Magnus Hagander, Thomas Munro
doc/src/sgml/client-auth.sgml diff | blob | history
doc/src/sgml/runtime.sgml diff | blob | history
src/backend/libpq/auth.c diff | blob | history
src/backend/libpq/hba.c diff | blob | history
src/include/libpq/hba.h diff | blob | history
src/test/ssl/t/001_ssltests.pl diff | blob | history
src/test/ssl/t/SSLServer.pm diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.