authorBruce Momjian2002-06-14 04:36:58 +0000
committerBruce Momjian2002-06-14 04:36:58 +0000
commiteb7afc1407680a10be05ba18865051b539d434f2 (patch)
tree0bad774049d392555e255f2221d8ffd3e11939da /src/include
parentb8b6691e5262ade0d863cada0d67d85fad668fd0 (diff)
SSL patch that adds support for optional client certificates.
If $HOME/.postgresql/postgresql.crt and $HOME/.postgresql/postgresql.key exist, they are provided to the server. The certificate used to sign this cert must be known to the server, in $DataDir/root.crt. If successful, the cert's "common name" is logged. Client certs are not used for authentication, but they could be via the port->peer (X509 *), port->peer_dn (char *) or port->peer_cn (char *) fields. Or any other function could be used, e.g., many sites like the issuer + serial number hash. Bear Giles
Diffstat (limited to 'src/include')
-rw-r--r--src/include/libpq/libpq-be.h5
1 files changed, 4 insertions, 1 deletions
diff --git a/src/include/libpq/libpq-be.h b/src/include/libpq/libpq-be.h
index 76a4d1af624..18236db6d4c 100644
--- a/src/include/libpq/libpq-be.h
+++ b/src/include/libpq/libpq-be.h
@@ -11,7 +11,7 @@
* Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $Id: libpq-be.h,v 1.30 2002/06/14 04:33:53 momjian Exp $
+ * $Id: libpq-be.h,v 1.31 2002/06/14 04:36:58 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@@ -70,6 +70,9 @@ typedef struct Port
*/
#ifdef USE_SSL
SSL *ssl;
+ X509 *peer;
+ char peer_dn[128 + 1];
+ char peer_cn[SM_USER + 1];
unsigned long count;
#endif
} Port;
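Review bot: `peer_dn[128 + 1]` and `peer_cn[SM_USER + 1]` are fixed-size copies, so a subject DN or common name longer than the buffer has to be truncated by whatever code fills them, which is not visible here (the diff is limited to src/include). The commit message says these fields could later be used for authentication; a truncated CN, or one containing an embedded NUL, would then compare equal to a name the certificate does not actually carry. I would add a comment above the new fields such as `/* peer_dn, peer_cn: NUL-terminated copies of the client cert's subject, possibly truncated; logging only, re-check against peer before any auth decision */`, and also state whether `peer` is owned by the Port and who frees it. The bare `128` would read better as a named constant alongside `SM_USER`. The struct definition begins outside the hunk.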