-
- Downloads
Add new clientcert hba option verify-full
This allows a login to require both that the cn of the certificate matches (like authentication type cert) *and* that another authentication method (such as password or kerberos) succeeds as well. The old value of clientcert=1 maps to the new clientcert=verify-ca, clientcert=0 maps to the new clientcert=no-verify, and the new option erify-full will add the validation of the CN. Author: Julian Markwort, Marius Timmer Reviewed by: Magnus Hagander, Thomas Munro
Showing
- doc/src/sgml/client-auth.sgml 16 additions, 9 deletionsdoc/src/sgml/client-auth.sgml
- doc/src/sgml/runtime.sgml 41 additions, 13 deletionsdoc/src/sgml/runtime.sgml
- src/backend/libpq/auth.c 36 additions, 11 deletionssrc/backend/libpq/auth.c
- src/backend/libpq/hba.c 24 additions, 9 deletionssrc/backend/libpq/hba.c
- src/include/libpq/hba.h 8 additions, 1 deletionsrc/include/libpq/hba.h
- src/test/ssl/t/001_ssltests.pl 22 additions, 1 deletionsrc/test/ssl/t/001_ssltests.pl
- src/test/ssl/t/SSLServer.pm 9 additions, 1 deletionsrc/test/ssl/t/SSLServer.pm
Loading
Please register or sign in to comment