On Fri, Jan 26, 2018 at 08:09:30AM -0500, Bruce Momjian wrote:
> On Thu, Jan 25, 2018 at 10:59:23PM -0500, Peter Eisentraut wrote:
> > If you change the Makefile rule for generating the client CA to omit the
> > -extensions v3_ca option, then the first test will fail.
>
> Oh, very good!
Good poin
On Thu, Jan 25, 2018 at 10:59:23PM -0500, Peter Eisentraut wrote:
> On 1/16/18 00:33, Michael Paquier wrote:
> > On top of that, src/test/ssl does not provide any kind of coverage for
> > that. It would be an area of improvement for those tests.
>
> The tests already cover this:
>
> # intermediat
On 1/16/18 00:33, Michael Paquier wrote:
> On top of that, src/test/ssl does not provide any kind of coverage for
> that. It would be an area of improvement for those tests.
The tests already cover this:
# intermediate client_ca.crt is provided by client, and isn't in
server's ssl_ca_file
switch_
On Thu, Jan 18, 2018 at 12:17:40PM +0900, Michael Paquier wrote:
> On Wed, Jan 17, 2018 at 09:00:17PM -0500, Bruce Momjian wrote:
> > On Thu, Jan 18, 2018 at 10:25:03AM +0900, Michael Paquier wrote:
> > > /etc/ssl/openssl.cnf is not available on macos or Windows, which can
> > > lead to a bit of co
On Wed, Jan 17, 2018 at 09:00:17PM -0500, Bruce Momjian wrote:
> On Thu, Jan 18, 2018 at 10:25:03AM +0900, Michael Paquier wrote:
> > /etc/ssl/openssl.cnf is not available on macos or Windows, which can
> > lead to a bit of confusion as I would imagine that people would
> > copy/paste such commands
On Thu, Jan 18, 2018 at 10:25:03AM +0900, Michael Paquier wrote:
> On Wed, Jan 17, 2018 at 07:34:42AM -0500, Bruce Momjian wrote:
> > Yes, I was not happy about that either. I was afraid that pound-sign
> > comments would look like root prompts but I just added them and they
> > look fine. Update
On Wed, Jan 17, 2018 at 07:34:42AM -0500, Bruce Momjian wrote:
> On Wed, Jan 17, 2018 at 05:20:00PM +0900, Michael Paquier wrote:
> > The succession of commands for the intermediate certificates
> > is wild. Could it be possible to explain what each command means? Users
> > would not ge
On Wed, Jan 17, 2018 at 08:39:55AM -0500, Bruce Momjian wrote:
> On Wed, Jan 17, 2018 at 07:34:42AM -0500, Bruce Momjian wrote:
> > > The succession of commands for the intermediate certificates
> > > is wild. Could it be possible to explain what each command means? Users
> > > would no
On Wed, Jan 17, 2018 at 07:34:42AM -0500, Bruce Momjian wrote:
> > The succession of commands for the intermediate certificates
> > is wild. Could it be possible to explain what each command means? Users
> > would not get lost this way.
>
> Yes, I was not happy about that either. I wa
On Wed, Jan 17, 2018 at 05:20:00PM +0900, Michael Paquier wrote:
> On Tue, Jan 16, 2018 at 10:23:44PM -0500, Bruce Momjian wrote:
> > On Wed, Jan 17, 2018 at 09:09:50AM +0900, Michael Paquier wrote:
> > > On Tue, Jan 16, 2018 at 11:21:22AM -0500, Bruce Momjian wrote:
> > > > On Tue, Jan 16, 2018 at
On Tue, Jan 16, 2018 at 10:23:44PM -0500, Bruce Momjian wrote:
> On Wed, Jan 17, 2018 at 09:09:50AM +0900, Michael Paquier wrote:
> > On Tue, Jan 16, 2018 at 11:21:22AM -0500, Bruce Momjian wrote:
> > > On Tue, Jan 16, 2018 at 02:33:05PM +0900, Michael Paquier wrote:
>
> I ended up merging the "ch
On Wed, Jan 17, 2018 at 09:09:50AM +0900, Michael Paquier wrote:
> On Tue, Jan 16, 2018 at 11:21:22AM -0500, Bruce Momjian wrote:
> > On Tue, Jan 16, 2018 at 02:33:05PM +0900, Michael Paquier wrote:
> > > This bit is important. I am happy that your patch mentions that
> > > intermediate certificate
On Tue, Jan 16, 2018 at 11:21:22AM -0500, Bruce Momjian wrote:
> On Tue, Jan 16, 2018 at 02:33:05PM +0900, Michael Paquier wrote:
> > This bit is important. I am happy that your patch mentions that
> > intermediate certificates avoid the need to store root ones on the
> > client. Should the docs me
On Tue, Jan 16, 2018 at 02:33:05PM +0900, Michael Paquier wrote:
> > My talk documents this behavior. In this talk:
> >
> > https://momjian.us/main/writings/pgsql/tls.pdf
> >
> > slide 47 and 49 use -extensions v3_ca. Slides 73 and 74 show that the
> > intermediate is not needed on the clie
On Mon, Jan 15, 2018 at 07:22:38PM -0500, Bruce Momjian wrote:
> I asked Stephen Frost and David Steele for details on the arcane art of
> SSL certificate creation. They showed me scripts they use and explained
> that they properly pass intermediate certificates to clients. The trick
> was to use