[pgpool-hackers: 3005] Re: New feature: supporting SCRAM and CERT based authentication in Pgpool-II
Tatsuo Ishii
ishii at sraoss.co.jp
Tue Aug 28 09:53:17 JST 2018
One thing I forgot to mention:
>> BTW, do we need 'ssl_ca_cert_dir'? PostgreSQL doesn't expose such an
>> option, so maybe NULL is better? See their root_cert_dir code.
As far as I know, SSL_CTX_load_verify_locations (Pgpool-II uses this
function with ssl_ca_cert_dir) kindly tracks the certificate chain,
which PostgreSQL does not. So it seems ssl_ca_cert_dir is a good thing
and I think we need to keep it.
https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_load_verify_locations.html
Best regards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp