mirrors
/
postgres
mirror of https://github.com/postgres/postgres
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix pg_hba_file_rules for authentication method cert 

For authentication method cert, clientcert=verify-full is implied. But
the pg_hba_file_rules entry would incorrectly show clientcert=verify-ca.

Per bug #17354

Reported-By: Feike Steenbergen
Reviewed-By: Jonathan Katz
Backpatch-through: 12
This commit is contained in:
Magnus Hagander 2022-01-26 09:52:41 +01:00
parent bd233bdd8d
commit 2dbb7b9b22
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/backend/libpq/hba.c
View File

@ -1684,7 +1684,11 @@ parse_hba_line(TokenizedLine *tok_line, int elevel)
*/ */
if (parsedline->auth_method == uaCert) if (parsedline->auth_method == uaCert)
{ {
parsedline->clientcert = clientCertCA; /*
* For auth method cert, client certificate validation is mandatory, and it implies
* the level of verify-full.
*/
parsedline->clientcert = clientCertFull;
} }
return parsedline; return parsedline;