<p dir="ltr">Hi there,<br>
I don't know if there was any other debate on this patch but I couldn't find it. Client certificates are essential to my use of pgpool. I tested this patch on top of 3.3.3 and it appeared to work very well for it. I suggest it be considered for merge.<br>
Many thanks,<br>
Sam<br></p>
<p dir="ltr">><br>
> Thank you for the patch.<br>
> I am not an expert on SSL, so I would love to hear from others on the list.<br>
> If we could agree this is a good thing, the patch will be merged in to 3.3.<br>
> --<br>
> Tatsuo Ishii<br>
> SRA OSS, Inc. Japan<br>
> English: <a href="http://www.sraoss.co.jp/index_en.php">http://www.sraoss.co.jp/index_en.php</a><br>
> Japanese: <a href="http://www.sraoss.co.jp">http://www.sraoss.co.jp</a><br>
><br>
> > -----BEGIN PGP SIGNED MESSAGE-----<br>
> > Hash: SHA1<br>
> > <br>
> > Hi,<br>
> > <br>
> > We recently encountered a problem using pgpool with mutual<br>
> > authentication between a<br>
> > client (pgpool) and a server (postgres). We determined that the problem<br>
> > was due to pgpool<br>
> > not loading client certificates & private keys when connecting to a<br>
> > backend - while pgpool loaded<br>
> > a CA certificate to authenticate the backend, it did not provide its own<br>
> > credentials to said backend.<br>
> > <br>
> > We were unsure whether or not this was a deliberate omission, and so we<br>
> > changed the pgpool<br>
> > codebase to allow for mutual authentication. The changes provide for <br>
> > additional per-backend<br>
> > configuration directives to set certificates, keys, etc. These<br>
> > directives are then used when configuring<br>
> > the OpenSSL context.<br>
> > <br>
> > I have attached a patch against Git revision<br>
> > 3f89a334fe08dfcd199d9e45728a04ddb1d2ec85.<br>
> > <br>
> > Cheers,<br>
> > Warren Armstrong<br>
> > -----BEGIN PGP SIGNATURE-----<br>
> > Version: GnuPG v2.0.17 (MingW32)<br>
> > Comment: Using GnuPG with Mozilla - <a href="http://www.enigmail.net/">http://www.enigmail.net/</a><br>
> > <br>
> > iEYEARECAAYFAlBs6rsACgkQIZlA5/+bUwn3eQCgjtbapglXoRX/jPle4aMeDOzu<br>
> > 3moAoJC9eqIBVAI+Nm1UtwApuHnKWFyR<br>
> > =SFLK<br>
> > -----END PGP SIGNATURE-----</p>