NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit2dbb7b9

committed

Fix pg_hba_file_rules for authentication method cert

For authentication method cert, clientcert=verify-full is implied. Butthe pg_hba_file_rules entry would incorrectly show clientcert=verify-ca.Per bug #17354Reported-By: Feike SteenbergenReviewed-By: Jonathan KatzBackpatch-through: 12

1 parentbd233bd commit2dbb7b9Copy full SHA for 2dbb7b9

File tree

1 file changed

-1

lines changed

src/backend/libpq
- hba.c

1 file changed

-1

lines changed

`‎src/backend/libpq/hba.c`

Lines changed: 5 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1684,7 +1684,11 @@ parse_hba_line(TokenizedLine *tok_line, int elevel)`
`1684`	`1684`	`*/`
`1685`	`1685`	`if (parsedline->auth_method==uaCert)`
`1686`	`1686`	`{`
`1687`		`-parsedline->clientcert=clientCertCA;`
	`1687`	`+/*`
	`1688`	`+ * For auth method cert, client certificate validation is mandatory, and it implies`
	`1689`	`+ * the level of verify-full.`
	`1690`	`+ */`
	`1691`	`+parsedline->clientcert=clientCertFull;`
`1688`	`1692`	`}`
`1689`	`1693`
`1690`	`1694`	`returnparsedline;`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit2dbb7b9

File tree

1 file changed

1 file changed

`‎src/backend/libpq/hba.c`

0 commit comments