Re: [PATCH] pg_hba.conf : new auth option : clientcert=verify-full

2019-03-09 Thread Magnus Hagander
On Sat, Mar 9, 2019 at 11:03 AM Magnus Hagander wrote: > On Sun, Feb 17, 2019 at 7:50 PM Michael Paquier > wrote: > >> On Fri, Feb 15, 2019 at 08:03:24PM -0800, Andres Freund wrote: >> > I see you've marked the patch as needs review - but as the patch >> > previously was marked as ready-for-comm

Re: [PATCH] pg_hba.conf : new auth option : clientcert=verify-full

2019-03-09 Thread Magnus Hagander
On Sun, Feb 17, 2019 at 7:50 PM Michael Paquier wrote: > On Fri, Feb 15, 2019 at 08:03:24PM -0800, Andres Freund wrote: > > I see you've marked the patch as needs review - but as the patch > > previously was marked as ready-for-committer, and I assume nothing > > substantial has changed, I think

Re: [PATCH] pg_hba.conf : new auth option : clientcert=verify-full

2019-02-17 Thread Michael Paquier
On Fri, Feb 15, 2019 at 08:03:24PM -0800, Andres Freund wrote: > I see you've marked the patch as needs review - but as the patch > previously was marked as ready-for-committer, and I assume nothing > substantial has changed, I think RFC might still be the accurate state? Yes, RFC sounds good to m

Re: [PATCH] pg_hba.conf : new auth option : clientcert=verify-full

2019-02-15 Thread Andres Freund
Hi, On 2019-02-06 15:19:56 +, Timmer, Marius wrote: > On Mon, Jan 04, 2019 at 03:06, Michael Paquier wrote: > > I have moved the patch to next CF, waiting on author as the latest > > patch does not apply. Could it be rebased? > The patch is rebased and applies now. I see you've marked the p

Re: [PATCH] pg_hba.conf : new auth option : clientcert=verify-full

2019-02-06 Thread Timmer, Marius
On Mon, Jan 04, 2019 at 03:06, Michael Paquier wrote: > On Thu, Dec 27, 2018 at 12:14:03PM +0100, Magnus Hagander wrote: >> I definitely am. In fact, I was ages ago (was planning for early December, >> but hey, see where that let me), so my apologies for failing at that. But it >> definitely remains

Re: [PATCH] pg_hba.conf : new auth option : clientcert=verify-full

2019-02-03 Thread Michael Paquier
On Thu, Dec 27, 2018 at 12:14:03PM +0100, Magnus Hagander wrote: > I definitely am. In fact, I was ages ago (was planning for early December, > but hey, see where that let me), so my apologies for failing at that. But it > definitely remains on my list of things to get to! So, Magnus, where are we

Re: [PATCH] pg_hba.conf : new auth option : clientcert=verify-full

2018-12-27 Thread Magnus Hagander
On Tue, Dec 25, 2018 at 9:08 AM Michael Paquier wrote: > On Fri, Nov 30, 2018 at 12:24:04PM +1300, Thomas Munro wrote: > > The tests pass and show the feature working correctly. I think this > > is getting close to committable. I see that Magnus has signed up as > > committer. > > It has been o

Re: [PATCH] pg_hba.conf : new auth option : clientcert=verify-full

2018-12-25 Thread Michael Paquier
On Fri, Nov 30, 2018 at 12:24:04PM +1300, Thomas Munro wrote: > The tests pass and show the feature working correctly. I think this > is getting close to committable. I see that Magnus has signed up as > committer. It has been one month since this message, and the patch is marked as ready for co

Re: [PATCH] pg_hba.conf : new auth option : clientcert=verify-full

2018-11-30 Thread Marius Timmer
Hello Thomas, thank you for reviewing our patch. > Why did you put "trust" there instead of "$authmethod" like the previous > lines? That is a good question indeed. We changed that accordingly. > The tests pass and show the feature working correctly. I think this > is getting close to committ

Re: [PATCH] pg_hba.conf : new auth option : clientcert=verify-full

2018-11-29 Thread Thomas Munro
On Fri, Oct 26, 2018 at 2:08 AM Marius Timmer wrote: > We (Julian and I) would like to show you the seventh version of this > patch which includes all the things mentioned before. Unfortunately > we did not find the time to do this earlier. +case uaCert: case uaTrust: Maybe add

Re: [PATCH] pg_hba.conf : new auth option : clientcert=verify-full

2018-10-25 Thread Arne Scheffer
Hi, after talking with Marius: The last sentence in his mail concerning the progress suffers from poor translation, and can safely be ignored ;-) We didn't intend to push anybody. VlG-(Marius Timmer &) Arne Scheffer On 25.10.18 15:08, Marius Timmer wrote: Dear hackers, We (Julian and I) wou

[PATCH] pg_hba.conf : new auth option : clientcert=verify-full

2018-10-25 Thread Marius Timmer
Dear hackers, We (Julian and I) would like to show you the seventh version of this patch which includes all the things mentioned before. Unfortunately we did not find the time to do this earlier. On 07/19/2018 03:00 AM, Thomas Munro wrote: > you could just have one common code path to reach Chec

Re: [PATCH] pg_hba.conf : new auth option : clientcert=verify-full

2018-08-03 Thread Julian Markwort
On 03.08.2018 at 08:09 David Fetter wrote: I've rebased the patch atop master so it applies and passes 'make check-world'. I didn't make any other changes. Best, David. Much appreciated!

Re: [PATCH] pg_hba.conf : new auth option : clientcert=verify-full

2018-08-02 Thread David Fetter
On Mon, Jul 30, 2018 at 02:20:43PM +0200, Julian Markwort wrote: > On 07/19/2018 03:00 AM, Thomas Munro wrote: > >Some more comments: > > > > if (parsedline->auth_method == uaCert) > > { > >- parsedline->clientcert = true; > >+ parsedline->clientcert = cl

Re: [PATCH] pg_hba.conf : new auth option : clientcert=verify-full

2018-07-30 Thread Julian Markwort
On 07/19/2018 03:00 AM, Thomas Munro wrote: Some more comments: if (parsedline->auth_method == uaCert) { - parsedline->clientcert = true; + parsedline->clientcert = clientCertOn; } The "cert" method is technically redundant with this patch,

Re: [PATCH] pg_hba.conf : new auth option : clientcert=verify-full

2018-07-18 Thread Thomas Munro
On Sun, Jul 15, 2018 at 12:47 AM, Julian Markwort wrote: > Also, while writing this part of the docs, I tried to stay below 80 > characters, but I've exceeded it in some places. > There are several other places (several in the .sgml files touched by this > patch), where 80 characters are exceede

Re: [PATCH] pg_hba.conf : new auth option : clientcert=verify-full

2018-07-14 Thread Julian Markwort
Hi Thomas, here's a rebased patch, with your observations corrected. Thomas Munro wrote on 2018-07-13: > + In this case, the CN (nommon name) provided in > "common name" > + CN (Common Name) in the certificate matches > "common"? (why a capital letter here?) I've resorted to "CN (Common Name

Re: [PATCH] pg_hba.conf : new auth option : clientcert=verify-full

2018-07-12 Thread Thomas Munro
On Sat, Apr 14, 2018 at 3:48 AM, Julian Markwort wrote: > [a patch] Hello Julian, Could you please post a rebased patch? I haven't reviewed or tested any code yet, but here's some proof-reading: + This behaviour is similar to the cert autentication method "behavior" (our manual is writt

Re: [PATCH] pg_hba.conf : new auth option : clientcert=verify-full

2018-04-13 Thread Julian Markwort
On Tue, 2018-04-10 at 18:35 +0200, Magnus Hagander wrote: > As Peter mentioned, there are in src/test/ssl. I forgot about those, > but yes, it would be useful to have that. I've added three tests: - verify-full specified, CN and username match -- should connect ok - verify-full specified, CN and us

Re: [PATCH] pg_hba.conf : new auth option : clientcert=verify-full

2018-04-10 Thread Magnus Hagander
On Tue, Apr 10, 2018 at 2:10 PM, Julian Markwort < julian.markw...@uni-muenster.de> wrote: > On Fri, 2018-04-06 at 20:31 +0200, Magnus Hagander wrote: > > I've been through this one again. > > Thanks for taking the time! > > There is one big omission from it -- it fails to work with the view > pg_

Re: [PATCH] pg_hba.conf : new auth option : clientcert=verify-full

2018-04-10 Thread Peter Eisentraut
On 4/10/18 08:10, Julian Markwort wrote: >> Attached is an updated patch with these changes. I'd appreciate it if >> you can run it through your tests to confirm that it didn't break any >> of those usecases. > I've tested a couple of things with this and it seems to work as > expected. Unforunatel

Re: [PATCH] pg_hba.conf : new auth option : clientcert=verify-full

2018-04-10 Thread Julian Markwort
On Fri, 2018-04-06 at 20:31 +0200, Magnus Hagander wrote: > I've been through this one again. Thanks for taking the time! > There is one big omission from it -- it fails to work with the view > pg_hba_file_rules. When fixing that, things started to look kind of > ugly with the "two booleans to ind

Re: [PATCH] pg_hba.conf : new auth option : clientcert=verify-full

2018-04-06 Thread Magnus Hagander
On Sun, Apr 1, 2018 at 6:07 PM, Magnus Hagander wrote: > On Sun, Apr 1, 2018 at 6:01 PM, Julian Markwort < > julian.markw...@uni-muenster.de> wrote: > >> On 1. of April 2018 17:46:38 MESZ wrote Magnus Hagander < >> mag...@hagander.net>: >> >> >I assume this is a patch that's intended to be applie

Re: [PATCH] pg_hba.conf : new auth option : clientcert=verify-full

2018-04-01 Thread Magnus Hagander
On Sun, Apr 1, 2018 at 6:01 PM, Julian Markwort < julian.markw...@uni-muenster.de> wrote: > On 1. of April 2018 17:46:38 MESZ wrote Magnus Hagander < > mag...@hagander.net>: > > >I assume this is a patch that's intended to be applied on top of the > >previous patch? If so, please submit the comple

Re: [PATCH] pg_hba.conf : new auth option : clientcert=verify-full

2018-04-01 Thread Julian Markwort
On 1. of April 2018 17:46:38 MESZ wrote Magnus Hagander : >I assume this is a patch that's intended to be applied on top of the >previous patch? If so, please submit the complete patch to make sure the >correct combination ends up actually being reviewed. The v02.patch attached to my last mail con

Re: [PATCH] pg_hba.conf : new auth option : clientcert=verify-full

2018-04-01 Thread Magnus Hagander
On Fri, Mar 23, 2018 at 3:45 PM, Julian Markwort < julian.markw...@uni-muenster.de> wrote: > On Sat, 2018-03-17 at 18:24 +0100, Magnus Hagander wrote: > > The error message "certificate authentication failed for user XYZ: > client certificate contains no user name" is the result of calling > Check

Re: [PATCH] pg_hba.conf : new auth option : clientcert=verify-full

2018-03-23 Thread Julian Markwort
On Sat, 2018-03-17 at 18:24 +0100, Magnus Hagander wrote: > > The error message "certificate authentication failed for user XYZ: > > > > client certificate contains no user name" is the result of calling > > > > CheckCertAuth when the user presented a certificate without a CN in > > it. > > That

Re: [PATCH] pg_hba.conf : new auth option : clientcert=verify-full

2018-03-17 Thread Magnus Hagander
On Fri, Mar 9, 2018 at 2:11 PM, Julian Markwort < julian.markw...@uni-muenster.de> wrote: > Hello Magnus, > > > I think this makes a lot of sense, and can definitely be a useful > > option. > > I was hesitant to write a long and elaborate patch as I wasn't certain > if there was any interest for

Re: [PATCH] pg_hba.conf : new auth option : clientcert=verify-full

2018-03-09 Thread Julian Markwort
Hello Magnus, > I think this makes a lot of sense, and can definitely be a useful > option. I was hesitant to write a long and elaborate patch as I wasn't certain if there was any interest for such an addition, but I'm thankful for your input. > However, the patch is completely lacking document

Re: [PATCH] pg_hba.conf : new auth option : clientcert=verify-full

2018-03-02 Thread Magnus Hagander
On Fri, Feb 16, 2018 at 4:45 PM, Julian Markwort < julian.markw...@uni-muenster.de> wrote: > Dear Postgresql Hackers, > > as of now, pg_hba.conf allows us to enable authentication by > certificate through the auth-method "cert", in which case the user must > provide a valid certificate with a ce

[PATCH] pg_hba.conf : new auth option : clientcert=verify-full

2018-02-16 Thread Julian Markwort
Dear Postgresql Hackers, as of now, pg_hba.conf allows us to enable authentication by certificate through the auth-method "cert", in which case the user must provide a valid certificate with a certificate common name (CN) matching the database user's name or an entry in a pg_ident map. Additiona