Ian Pilcher <[email protected]> writes:
> Yes. And the problem is that there is no way to prevent OpenSSL from
> accepting intermediate certificates supplied by the client. As a
> result, the server cannot accept client certificates signed by one
> intermediate CA without also accepting *any* client certificate that can
> present a chain back to the root CA.
Isn't that sort of the point?
regards, tom lane
--
Sent via pgsql-hackers mailing list ([email protected])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
