[pgpool-hackers: 3505] [PATCH] Feature: Support for CRL (Certificate Revocation List)
Umar Hayat
m.umarkiani at gmail.com
Tue Feb 11 17:35:56 JST 2020
Hi Hackers,
I saw "Support for CRL (Certificate Revocation List)" feature in PgPool-II
TODO list
<https://pgpool.net/mediawiki/index.php/TODO#Support_for_CRL_(Certificate_Revocation_List)>,
so I implemented the CRL support. Please find attached patch for feature.
A new configuration variable *'ssl_crl_file'* is introduced to specify CRL
file path (same os PostgreSQL). CRL will be loaded start up, as other ssl
files, so change in *'ssl_crl_file' *will require restart.
If *'ssl_crl_file' *is define and there is a revocation entry in CRL file,
authentication will fail with error *"error: could not connect to server:
SSL error: sslv3 alert certificate revoked".*
Patch Include:
CRL Feature implementation
Documentation updates
Sample configuration updates
Regards,
Umar Hayat
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.sraoss.jp/pipermail/pgpool-hackers/attachments/20200211/1b5e70d4/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: crl_support.diff
Type: application/octet-stream
Size: 9077 bytes
Desc: not available
URL: <http://www.sraoss.jp/pipermail/pgpool-hackers/attachments/20200211/1b5e70d4/attachment.obj>
More information about the pgpool-hackers
mailing list