Overhaul pg_hba.conf clientcert's API
author Bruce Momjian <bruce@momjian.us>
Mon, 5 Oct 2020 19:48:40 +0000 (15:48 -0400)
committer Bruce Momjian <bruce@momjian.us>
Mon, 5 Oct 2020 19:48:50 +0000 (15:48 -0400)
commit 253f1025da8c8d6e52f96f764658b76eb59290ad
tree 38fc72168864087798f2a2ee1a1415a640569aad
parent 18c170a08ee23d03a06d235ea628fecb057d974f
Overhaul pg_hba.conf clientcert's API

Since PG 12, clientcert no longer supported only on/off, so remove 1/0
as possible values, and instead support only the text strings
'verify-ca' and 'verify-full'.

Remove support for 'no-verify' since that is possible by just not
specifying clientcert.

Also, throw an error if 'verify-ca' is used and 'cert' authentication is
used, since cert authentication requires verify-full.

Also improve the docs.

THIS IS A BACKWARD INCOMPATIBLE API CHANGE.

Reported-by: Kyotaro Horiguchi
Discussion: https://postgr.es/m/20200716.093012.1627751694396009053.horikyota.ntt@gmail.com

Author: Kyotaro Horiguchi

Backpatch-through: master
doc/src/sgml/client-auth.sgml
doc/src/sgml/runtime.sgml
src/backend/libpq/hba.c
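
The following is an added example, not part of this commit or of the PostgreSQL source: a pre-upgrade check that scans pg_hba.conf text for the three conditions the commit message names (the removed 1/0 values, the removed 'no-verify', and 'verify-ca' combined with cert authentication). The function names, finding codes and sample records are constructed for illustration, and it assumes one record per line.

```python
import shlex

ACCEPTED = {"verify-ca", "verify-full"}   # the only values kept by the commit
REMOVED = {"0", "1", "no-verify"}         # values the commit message says were removed

def check_line(line):
    """Return finding codes for one pg_hba.conf record (empty list if fine)."""
    tokens = shlex.split(line, comments=True)   # handles "quoted" values and # comments
    options = {}
    # Auth options are the trailing name=value tokens; the auth method precedes them.
    while tokens and "=" in tokens[-1]:
        name, _, value = tokens.pop().partition("=")
        options[name] = value
    if not tokens or "clientcert" not in options:
        return []                                # not specifying clientcert stays valid
    method, value = tokens[-1], options["clientcert"]
    if value in REMOVED:
        return ["removed-value"]
    if value not in ACCEPTED:
        return ["unknown-value"]
    if method == "cert" and value == "verify-ca":
        return ["cert-requires-verify-full"]
    return []

def check_hba(text):
    """Return (line_number, code, line) for every record that needs editing."""
    return [(n, code, line.strip())
            for n, line in enumerate(text.splitlines(), start=1)
            for code in check_line(line)]

# Constructed sample file, not taken from any real system.
SAMPLE = """\
# TYPE   DATABASE USER ADDRESS                 METHOD        OPTIONS
hostssl  all      all  0.0.0.0/0               scram-sha-256 clientcert=1
hostssl  all      all  10.0.0.0/8              md5           clientcert=no-verify
hostssl  all      all  192.168.0.0 255.255.0.0 cert          clientcert=verify-ca map=ops
hostssl  all      all  ::1/128                 cert          clientcert=verify-full
hostssl  all      all  127.0.0.1/32            scram-sha-256 clientcert=verify-ca
local    all      all                          peer
"""

if __name__ == "__main__":
    for n, code, line in check_hba(SAMPLE):
        print(f"line {n}: {code}: {line}")
```

Running such a check against the live file before upgrading shows which records need editing ahead of the change, since the commit message marks it as backward incompatible.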