On Mon, Aug 18, 2014 at 12:54 PM, Heikki Linnakangas <hlinnakan...@vmware.com> wrote: > server_cert_valid: Did the server present a valid certificate? "yes" or > "no"
Is this just whether the signature verifies? Or whether the chain is all verified? Or whether the chain leads to a root in the directory? Does it include verifying the CN? How does the CN comparison get done? I think you either need to decide that libpq will do all the verification and impose a blanket policy or leave the verification up to the application and just return each of these properties as individual boolean flags. -- greg -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
